- novembre 4, 2015
- Revue de Presse
- Chaouki Bekrar, jailbreak, sms exploit ios, vulnerability ios, Zerodium
- 0 comment
An anonymous team of hackers has successfully broken into Apple’s newest operating system, iOS 9.1. And, for their efforts, they will be awarded $1 million. The hackers, who are security researchers, found a way to remotely control Apple mobile devices and install arbitrary apps, PC World reported.
The contest started in September of this year and the company behind it, Zerodium, is in the shady business of buying and selling information on software vulnerabilities. They congratulated the winners over Twitter but declined to identify them. Apple was not available for immediate comment, ZDNet noted.
The hackers’ exploit is still being confirmed as of this posting. Chaouki Bekrar, Zerodium’s founder, said, that it « is still being extensively tested by Zerodium to verify and document each of the underlying vulnerabilities. »
The contest involved the use of a remote, browser-based exploit. This means that unauthorized code will be introduced to the mobile device when the user opens Chrome or some other browser. An sms or mms-based exploit was also permissible, Digital Trends reported.
Zerodium pays a premium for the software vulnerabilities it has. Unlike the developers of the jailbreak code who made it public, the importance of breaking into Apple’s iOS is recognized by everyone.
« If they’re paying a million dollars, I’m sure that means someone is willing to buy it for that or more, » Patrick Wardle, director of research at Synack, a service that brings together security researchers and bug-hunting work, said last Monday.
Zerodium will not release its findings until clients sign up for its Security Research Feed. Turns out, the hack had to consist of several layers. The first is finding a browser vulnerability. The second layer is finding a vulnerability in the OS itself. And, lastly, the hackers also had to make sure that the code would remain even after rebooting the device.