Zerodium has offered a $1 million reward for each individual or team that can create and submit to the company an exclusive, browser-based and untethered jailbreak for Apple's iOS 9.
(Photo : Zerodium)
Zerodium, a cybersecurity firm, has placed a bounty on the iOS 9 through an announcement on its official blog.
The company described Apple's latest mobile operating system as currently the most secure one available in the market. However, being secure does not mean that iOS 9 is unbreakable, as it only means that the mobile operating system has the highest complexity and cost for exploiting vulnerabilities.
Zerodium then offers a reward of $1 million for each individual or team that can create and submit to the company an exclusive, browser-based and untethered jailbreak for Apple's iOS 9.
The company said that it can pay out a total of as much as $3 million in the offer, which would last until Oct. 31 at 6:00 p.m. EDT. The offer will be terminated, however, if the $3 million in total is paid out before then, meaning that three teams or individuals have sent in jailbreaks that follow Zerodium's conditions.
Zerodium was founded just this previous summer by Chaouki Bekrar, who has made a name for himself as a merchant of zero-day exploits, which are computer codes that attack vulnerabilities in software that were previously unknown. Bekrar also founded Vupen, a company that sells computer exploits and bugs that it discovers through internal research.
Zerodium, on the other hand, bases its business on receiving submissions from researchers outside the company. In the offer for iOS 9 jailbreaks, the company said that the payment of $1 million to a submitted and confirmed exploit constitutes the acquisition of the exclusive rights to the jailbreak and all related information.
Both Vupen and Zerodium, however, do not disclose the vulnerabilities that they discover to the affected companies and instead sell the information to whichever company or agency bids the highest.
According to Bekrar, Zerodium has paid out $100,000 to $150,000 per week to researchers that have disclosed zero-day exploits and vulnerabilities, with the company offering the most money for mobile exploits that can go as high as $100,000 each.
News website Fortune requested for comment from Apple regarding Zerodium's offer, but the company did not immediately respond.
The business models used by Bekrar for Zerodium and Vupen are controversial, to say the least, with American Civil Liberties Union chief technologist describing such companies as "modern-day merchants of death," as it is difficult to monitor who purchases and ultimately uses sold exploits.
Despite the criticism, however, hackers are for sure now on a race to win that $1 million reward from Zerodium.