Zerodium announced today that its recent $1 million bounty for a hack that would remotely compromise an iPhone running iOS 9 has been claimed.
The bounty was posted back in September, and with mere hours left before it expired, it was revealed on Twitter that a winning team had come forward to claim it. With no details on the team in question or the hack itself, the legitimacy of the claim is uncertain, and some consider it possible that this is a PR stunt by Zerodium. However, Chaouki Bekrar, owner of Zerodium, is a notorious exploit trader, and iOS 9 being hacked isn’t unbelievable.
The bounty was so high because of the very specific nature of the hack required, and with iOS having no publicly announced remote jailbreaks since iOS 7, it was not an easy challenge. The specification of the hack is as follows:
“The whole exploitation/jailbreak process should be achievable remotely, reliably, silently, and without requiring any user interaction except visiting a web page or reading a SMS/MMS”.
This means that it required not only finding and leveraging an iOS bug, but also chaining it together with an exploit in a web browser or the iPhone’s own messaging app. An attacker could then remotely install apps onto the device or access its data, which is a worrying prospect for Apple and its claims about the security and encryption of data on its latest mobile OS.
Despite this news, Bekrar went on to tweet that he was unconcerned about continuing to use his iPhone, feeling assured by how hard the hack is to execute. But with this hack presumably sold to the highest bidder, are you worried that your phone may not be as secure as you think?