A team of researchers has made themselves an easy $1 million (R13 million) by jailbreaking iOS 9.1. The team managed to crack iOS 9 open to enable installation of any app on any Apple iPhone or iPad.
The money is being paid by, Zerodium a controversial company that specialises in finding zero day exploits in software and selling them back to the vendor who can create patches.
The bounty to “break” iOS 9 was announced via the Zerodium web page in September, when $3 million was offered to teams or individuals who could break the operating system. To claim the bounty security professionals, reverse engineers and jailbreak developers had to develop the jailbreak under the following criteria:
- The jailbreak must include a full chain of zero-day vulnerabilities that bypass current iOS9 exploit preventions.
- The jailbreak process must be done remotely, reliably silently and without user interaction.
- The jailbreak can be deployed using one of three methods; a webpage targeting the mobile browser, a webpage targeting an application reachable through the browser, and a text or multimedia message.
- The jailbreak must allow installation of a remote, privileged and persistent app on the fully updated iOS 9 smartphone or tablet.
The jailbreak can be used by Apple fans who don’t want the company to dictate what they can and can’t install on their tablets and smartphones but security agencies may use it as well. Given how sneaky the jailbreak is security agencies could easily install the exploit on a user’s iPhone and additional monitoring software to track user activity.
Before you rush off to try jaibreak your iPhone you should be aware that Apple expressly states you may not “decompile, reverse engineer, disassemble, attempt to derive the source code of, decrypt, modify, or create derivative works of the iOS Software or any services provided by the iOS Software” in its terms and conditions.