Somebody Just Claimed a $1 Million Bounty for Hacking the iPhone by Lorenzo Franceschi-Bicchierai.
From the post:
Apple devices are widely considered extremely secure and hard to hack. But as the internet adage says, everything can be hacked—even the new iPhone.
Over the weekend, somebody claimed the $1 million bounty set by the new startup Zerodium, according to its founder Chaouki Bekrar, a notorious merchant of unknown, or zero-day, vulnerabilities.
The challenge consisted of finding a way to remotely jailbreak a new iPhone or iPad running the latest version of Apple’s mobile operating system iOS (in this case iOS 9.1 and 9.2b), allowing the attacker to install any app he or she wants with full privileges. The initial exploit, according to the terms of the challenge, had to come through Safari, Chrome, or a text or multimedia message.
This essentially meant that a participant needed to find a series, or a chain, of unknown zero-day bugs, not just one, according to Patrick Wardle, a researcher that works at security firm Synack. For example, the Chinese white hat hacking team Pangu already found a way to jailbreak the new iPhone, but that method didn’t work remotely.
…
The Justice Department should stop pestering Apple (Justice Department Press Gang News) and contact Chaouki Bekrar at Zerodium for an appropriate hack.
Magistrate Judge James Orenstein should find as a matter of fact (take judicial notice is the fancy way to say it) that the Justice Department has reasonable alternatives to forcing Apple into involuntary servitude to crack the iPhone in question.
The Justice Department would have to pay Zerodium for that service but better an honest commercial transaction than reviving slavery to benefit the government.
PS: Yes, I know the issue with Judge Orenstein involves an earlier version of iPhone software but the fact remains that the Justice Department hasn’t exhausted its remedies before applying to the court under All Writs. The government should have to show that the NSA, CIA, and commercial exploit vendors like Zerodium can’t help before turning to the All Writs Act.
PS: The Justice Department call follow @Zerodium on Twitter.