This is the business model of the company that put out the $1m bounty on the remote iOS 9.1 and 9.2b jailbreak:
Bekrar and Zerodium, as well as its predecessor VUPEN, have a different business model. They offer higher rewards than what tech companies usually pay out, and keep the vulnerabilities secret, revealing them only to certain government customers, such as the NSA.
Can anyone explain why iOS jailbreaking info would be worth more than $1m to the NSA? Also, isn't it weird that we are funding the government's ability to jailbreak iPhones? It's like a double slap in the face.
I would imagine that Apple would be willing to pay at least $5m (~0.000025% of cash reserves) in order to buy the exploit and patch it in order to protect their image as one of the last "good guys" in the fight against government surveillance creep.
Until it’s patched you can sell the bug to more than one party. The NSA is around 15% of the US intelligence budget and gets 10 billion / year, so they do have plenty of money to spend. In the end it's not a question of getting 1+ million from the NSA; it's a little from the NSA, a little from China, Russia, and/or Japan, etc.
> Can anyone explain why iOS jailbreaking info would be worth more than $1m to the NSA?
Jailbreaks are essentially reliable exploits, so any "jailbreak", if tweaked, would also be a good way of installing malware, or an implant in NSA parlance. This is also not just one vulnerability, it's several: a remote vuln to get on the phone, a sandbox escape, an info leak to calculate the ASLR slide and a kernel exploit. This is a considerable amount of work, I'm guessing a month or so of fuzzing and manual testing, and 2 months to develop the jailbreak/exploits.
iOS jailbreaking would be valuable not only to the NSA; these private companies will sell and re-sell the exploit to multiple parties. So buying it for $1m and then selling it to 5 or 6 governments or agencies at $0.5m a time results in a tidy little profit.
Have a look at the Italian cybersecurity firm Hacking Team, they were routinely selling exploits or packages of exploits to governments around the world. There was no exclusivity agreement for these sales.
As for Apple paying, as others have mentioned, they don't pay bug bounties, and usually these vulnerabilities are found by people jailbreaking iPhones; they are usually released for free, and at that stage Apple can patch the vulnerability for their next software version.
I expect that this will be the end of free jailbreaks on Apple products now; selling your exploit will become too valuable to release for free (at least remotely executable exploits will).
I think you have your "or" precedence incorrect. It is "sanctioned by the (United Nations or United States)" not "(sanctioned by the United Nations) or (United States)":
From their FAQ:
Researchers from most countries can participate in the ZERODIUM program, however, if you are a citizen/resident of a country listed on US/UN sanctions lists, you are ineligible to participate to the program.
Pretty unethical to claim this reward, IMO (if it actually happened and this isn't just a publicity stunt). The people who claimed it had to know it was going to be sold to government agencies (including potentially oppressive countries that may use this to target activists). If they didn't care about ethics, I wonder why they didn't just sell it themselves and cut out the middle man?
Eh, I feel like it's middle-road. If you genuinely had a deep-seated care about ethics in software, you would be RMS, not using any sort of non-free software. This is exactly the type of thing that justifies his stance.
On the other hand, if you are Randian, then taking the bounty is the ONLY ethical thing you can do, as Apple explicitly does not pay bounties of any amount.
While I'm troping, I'll take this chance to say that Down with Microsoft, Google is a hypocrite for "Do No Evil" and Cult of Apple are idiots...
Because it's government, and you need the right person who can approve such a purchase.
Also, who cares about the middle man? It's a MILLION dollars now. Today. Not maybe in 6 months, but now. Seems like a great way to earn a living as a geek, without getting too involved in the whole intelligence thing.
Why not? Is it illegal to hack your own iPhone on a closed LAN? Do you have to be a startup to negotiate with the NSA? I reckon it would be worth a try.
I'm not pro-surveillance, so I wouldn't, but speaking hypothetically here.
Yes, it may be illegal. Tablets are always illegal to jailbreak. Phones are illegal to jailbreak if it allows unlocking of the phone, and the phone was sold before 2013. It IS legal to jailbreak your phone for the SOLE purpose of accessing copyright information that you have legal rights to.
I don't understand, if nobody knows what team hacked it, and nobody knows anything about the actual exploits, or whether the payment was really made, how can anyone prove this is actually real?
I guess our only hope here, then, is that at least some of those who get ahold of the exploit accidentally trigger a crash report and autosubmit it to Apple so they can fix the bugs...
Obviously the logical assumption to make here is that this isn't the only exploitable bug for this version of iOS. Many many more exist and are already in the hands of various nation state actors, possibly even common criminals.
Look at the capabilities Snowden revealed, some of them read like SciFi and NSA had them close to a decade ago. Do you seriously believe the NSA and any other similarly well-funded actor _does not_ have multiple remote exploits for iOS and if they just fix this one, everything will be alright?
There are other actors, not quite top-of-the-pyramid-NSA level, that would gladly pay a million $ for this though, and this is where Zerodium is selling.
Your only hope is to assume that everything can be compromised and if you have reason to fear said compromise (some would say do it even if you don't), come up with a plan that takes that into account (risk analysis, compartmentalization, segmentation, assumption of compromise).
Am I missing something, or is there no link to the claimed $1M bounty "press release"?
I have been on the Zerodium page, and there are no indications that this has happened. Vice.com says really nothing, other than repeating what the bounty entails, and that some "unknown group of hackers" did it.