Know a way to hack an iPhone or an iPad? You can win $1 million. Notorious zero-day exploits merchant firm Zerodium has announced the bounty program for security enthusiasts and hackers who can find vulnerabilities and exploits affecting iOS 9-powered iPhone or iPad.
Zerodium, founded by Chaouki Bekrar who is best known for founding French security firm Vupen, announced on Monday that any person who can find an exploit that allows an attacker to remotely install an arbitrary app with full admin access on Apple's iOS 9-powered devices such as the iPhone 6s, the iPad Pro, the iPhone 5s, among others, will be awarded with a million dollars (roughly Rs. 6.5 crore). The attack needs to take place either via a Web browser, or any other app reachable via the Web browser, or incoming text or multimedia message. The company says that it will offer multiple awards, though $3 million (roughly Rs. 19.6 crore) might be the maximum it has to offer as of now. The company has set October 31 as the deadline for the program.
"Due to the increasing number of security improvements and the effectiveness of exploit mitigations in place, Apple's iOS is currently the most secure mobile OS," Zerodium's noted on its website. "But don't be fooled, secure does not mean unbreakable, it just means that iOS has currently the highest cost and complexity of vulnerability exploitation and here's where the Million Dollar iOS 9 Bug Bounty comes into play."
Bug bounty isn't a new thing. In fact, tech companies including Facebook, Google, and Microsoft have been running such programs for years now. But there's also a grey market out there that offer to buy and resell high-value zero-day bugs and exploits. These merchants then sell it to intelligence agencies and even government agencies, as seen in the leaked documents in the recent HackingTeam hack.