Saturday, October 1, 2016

If you hack iOS 10, you will be able to buy yourself 1,500 iPhone 7s – 01net.com

In early August, Apple announced the launch of its bug bounty program to reward those who manage to find vulnerabilities in its software. Rewards can reach $200,000 for hacking the boot firmware of iOS 10. The company Zerodium sets the bar much higher by offering $1.5 million. That is three times more than what was offered for iOS 9 – Zerodium offered $1 million and $500,000 – and more than seven times more than what is offered for hacking Android Nougat.

“iOS is far more robust than Android”

Chaouki Bekrar, the founder of Zerodium, justifies this difference in payout. “The new versions of iOS and Android are both more secure and include new protections, [...] which prompted us to increase their respective prices. Thanks to its architecture and its partitioning, iOS is far more robust than Android. This is what justifies the price gap between the two exploits,” he confirms.

But Zerodium's approach is quite different from Apple's. For its part, the Californian company has drawn up a list of experts who can work on its program. It asks them to uncover flaws that make it possible to take control of the device at startup or to defeat the Secure Enclave, a component built into the iPhone's processor and responsible for securing access to personal data.

At Zerodium, the hunt is open to all and the difficulty level is a notch higher. To hit the jackpot, hackers must provide a turnkey solution for remotely hacking a device running iOS 10, with no interaction from the target required. Specifically, the hack must be carried out from a web page in Safari or by sending an SMS. That could take “several weeks or even several months,” according to Chaouki Bekrar. And Zerodium's purpose is not to protect the user.

For the NSA and the FBI?

While Apple uses its bug bounty to strengthen the security of its smartphones, Zerodium later sells the exploits it acquires to government organizations. One can imagine that the NSA or the FBI – which struggled to get into the San Bernardino iPhone – are among its customers.

“Since our bounty last year and the San Bernardino case, our customers have understood that the security of iOS was a brake on some operations or investigations. They also understood that a high price would help to find a solution to any technical problem. They are therefore willing to invest more in this type of solution, even if the prices are exorbitant,” said Bekrar.

Although he enables his customers to break their security, the CEO of Zerodium uses Apple's smartphones. “I trust only Apple, so I use (and I recommend) the iPhone with iOS 10,” he concluded. At 1.5 million per flaw, one might as well reach as many people as possible.
