A security firm that hunts for undiscovered software bugs is paying out $1 million to a hacking group for breaking into Apple’s mobile operating system.

The company, Zerodium, compiles what are known as “zero days,” or security flaws that are unknown to the software manufacturer.

It announced in September that it would pay $1 million for jailbreaking Apple’s newly released iOS 9. The reward is the largest such bounty ever offered.

“Our iOS #0day bounty has expired & we have one winning team who made a remote browser-based iOS 9.1/9.2b #jailbreak (untethered). Congrats!” Zerodium tweeted on Monday.

According to the terms of the bounty, the iPhone exploit must “be achievable remotely, reliably, silently, and without requiring any user interaction except visiting a web page” or reading a text message.

“Bug bounties” are becoming increasingly popular as companies struggle to keep up with an onslaught of cyber intrusions. In May, United Airlines began offering free miles to people who uncover security flaws in its websites and digital infrastructure.

Zerodium’s offer required hackers not to disclose the vulnerability to Apple so that Zerodium’s customers can use the hack in secret.

Critics say that Zerodium’s tactics could lead to zero-day flaws falling into the hands of governments with poor human rights records that would use the information as a surveillance tool.

According to the company’s website, its clients include “major corporations in defense, technology, and finance, in need of advanced zero-day protection, as well as government organizations in need of specific and tailored cybersecurity capabilities.”

Although Zerodium was established in July, founder Chaouki Bekrar has faced tough criticism in the past for exploiting zero-day flaws for profit — ACLU lead technologist Chris Soghoian has called him a “modern-day merchant of death,” selling “the bullets for cyberwar.”

Bekrar is unapologetic.

“We do the best we can to ensure it won’t go outside that agency,” Bekrar told Wired in 2012. “But if you sell weapons to someone, there’s no way to ensure that they won’t sell to another agency.”

Bekrar told Wired that this latest iOS hack will “likely” only be sold to U.S. customers.
