Just a week after Apple officially released iOS 9, a technology firm is trying to take it down. Zerodium is offering up to three separate $1 million awards to anyone who can provide an exclusive hack on Apple’s new operating system.
So why would any technology company try and take on Apple, one of the wealthiest and most influential companies in the world? Zerodium is an exploit acquisition company, also known as an exploit reseller. That means they’re looking to purchase “jailbreaks,” coding techniques that allow someone to override the security restrictions on Apple’s mobile operating system and devices.
With such access, users could install applications or software that are not sanctioned by Apple (or listed in their official app store). Zerodium certainly isn’t the only group looking for viable jailbreaks; government agencies and intelligence organizations could use jailbreaks to install malicious code or surveillance software on Apple devices. If Zerodium can purchase these exploits, they could then sell that access to foreign governments or Apple’s rivals — or just the highest bidder.
“If they can sell it to four different countries for $300,000, they’ll make a profit,” said Robert Graham, CEO of Errata Security. “On the other hand, some countries will pay more for exclusive access to a bug — paying for the privilege of cyber-superiority.”
But gaining access won’t be easy. Companies like Apple spend billions to safeguard their creations, and consumers are increasingly aware of how vulnerable their digital lives really are. That’s why the market for cloud-based security services is expected to reach $8.71 billion by 2019. And few companies can invest in security as heavily as Apple. Even Zerodium’s own researchers were forced to acknowledge that the new iOS ” “is currently the most secure mobile OS.”
Even so, Graham believes hackers have already found ways to exploit iOS 9. Apple launched a beta version of the operating system before the official launch, which means hackers have had plenty of time to pick apart the code. With the $1 million bounty, Zerodium wants to acquire that knowledge before anyone else.
“The Million Dollar iOS 9 Bug Bounty is tailored for experienced security researchers, reverse engineers, and jailbreak developers, and is an offer made by ZERODIUM to pay out a total of three million U.S. dollars,” the company writes on their website. “Eligible submissions must include a full chain of unknown, unpublished, and unreported vulnerabilities/exploits (aka zero-days).”