Black hat security company Zerodium has increased its bounty for a successful jailbreak of Apple’s latest mobile operating system, iOS 10, to $1.5 million. The firm offered $1 million for a similar exploit for iOS 9, but usually offers $500,000 for this type of thing.
Zerodium is known as a black hat type of security firm, as the exploits it purchases aren’t shared with the developer of the operating system or app, but are instead sold to its own customers, such as government agencies, technology firms, and other types of buyers with deep pockets.
The new $1.5 million iOS 10 bounty carries no expiration date; it is a permanent offer, raised because of the improved security in the latest Apple mobile operating system. Zerodium has also doubled the amount (to $200,000) it will pay for attacks that exploit previously unknown vulnerabilities in Google’s Android operating system.
Zerodium founder Chaouki Bekrar on Thursday told Ars Technica the increase in bounties is due to the security improvements in both operating systems.
“Prices are directly linked to the difficulty of making a full chain of exploits, and we know that iOS 10 and Android 7 are both much harder to exploit than their previous versions,” he told Ars. Asked why a string of iOS exploits commanded 7.5 times the price of a comparable one for Android, he said: “That means that iOS 10 chain exploits are either 7.5 x harder than Android or the demand for iOS exploits is 7.5 x higher. The reality is a mix of both.”
While the bounties companies like Apple and Google offer for similar information come in way below Zerodium’s offer (Apple’s bounties top out at $250,000, while Google pays a maximum of $38,000), Zerodium requires the exploits to work nearly flawlessly, giving the attacker complete control over a hacked device. This is called a “weaponized exploit.” Apple and Google will pay for exploits that have a less than perfect exploit concept, so they require less work than creating a proof of concept for Zerodium.