A team of hackers has succeeded in remotely jailbreaking the iOS 9, winning a handsome $1 million reward from Washington D.C.-based Zerodium. In September, Zerodium announced that it would give out $1 million to any individual or team that could come up with a remote, browser-based iOS 9 jailbreak before October 31st. Jailbreaking the OS was a major challenge for hackers as Apple had added strong defenses around it.
Only one team could jailbreak iOS 9 remotely
On Monday, Zerodium said in a tweet that one team (which has not been named) had successfully jailbroken the iOS 9.1 and 9.2, the latest versions of Apple’s new mobile OS. According to Motherboard, two teams had made significant progress, but they both were stuck on the same issue. Finally, one team succeeded in developing the untethered jailbreak.
Our iOS #0day bounty has expired & we have one winning team who made a remote browser-based iOS 9.1/9.2b #jailbreak (untethered). Congrats!
— Zerodium (@Zerodium) November 2, 2015
Though Chinese group Pangu had unveiled its own jailbreak, it couldn’t win the bounty because Zerodium required the jailbreak to be fully remote. A remote exploit means the unauthorized code must be delivered to an iOS 9 device by getting the user to visit a web page via Safari or Google Chrome, or via text messages sent to the iPhone or iPad.
Zerodium to sell iOS 9 jailbreak to big-ticket customers
The winning team had to do far more work than Pangu. They had to find a series of “zero-day exploits” to jailbreak the Apple device. Zerodium founder Chaouki Bekrar said remote jailbreaking requires at least two to three additional exploits compared to a local jailbreak. Bekrar said the second team made a “partial jailbreak” so it may qualify for a “partial bounty.”
The $1 million bounty could be a good investment for Zerodium, which is involved in the business of trading information about software vulnerabilities. It would sell the exploits developed by hackers to major technology, finance, and defense corporations, as well as government agencies. Since it will be selling the jailbreak to “likely” the American customers only, Zerodium won’t immediately report vulnerabilities in iOS 9 to Apple.
