iPhone exploit bounty surges to an eye-popping $1.5 million

Enlarge (credit: Antoine Taveneaux)
A controversial broker of security exploits is offering $1.5 million (£1.2 million) for attacks that work against fully patched iPhones and iPads, a bounty that’s triple the size of its previous one.
Zerodium als…

Enlarge (credit: Antoine Taveneaux)

A controversial broker of security exploits is offering $1.5 million (£1.2 million) for attacks that work against fully patched iPhones and iPads, a bounty that's triple the size of its previous one.

Zerodium also doubled, to $200,000, the amount it will pay for attacks that exploit previously unknown vulnerabilities in Google's competing Android operating system, and the group raised the amount for so-called zeroday exploits in Adobe's Flash media player to $80,000 from $50,000. After buying the working exploits, the company then sells them to government entities, which use them to spy on suspected criminals, terrorists, enemies, and other targets.

Last year, Zerodium offered $1 million for iOS exploits, up to a total of $3 million. It dropped the price to $500,000 after receiving and paying for three qualifying submissions. On Thursday, Zerodium founder Chaouki Bekrar said the higher prices are a response to improvements the software makers—Apple and Google in particular—have devised that make their wares considerably harder to compromise.

Read 7 remaining paragraphs | Comments

Scammers spoof TaiG, offer fake iOS jailbreak

Scammers are spoofing the popular TaiG jailbreaking site to offer a fake iOS 9.2.1 jailbreak tool that leads to a donation page.続きを読む

Scammers are spoofing the popular TaiG jailbreaking site to offer a fake iOS 9.2.1 jailbreak tool that leads to a donation page.

続きを読む

Scammers spoof TaiG, offer fake iOS jailbreak

Scammers are spoofing the popular TaiG jailbreaking site to offer a fake iOS 9.2.1 jailbreak tool that leads to a donation page.続きを読む

Scammers are spoofing the popular TaiG jailbreaking site to offer a fake iOS 9.2.1 jailbreak tool that leads to a donation page.

続きを読む

iPhone passcode bypassed with NAND mirroring attack

Enlarge (credit: Sergei Skorobogatov/YouTube)
Passcodes on iPhones can be hacked using store-bought electronic components worth less than $100 (£77), according to one Cambridge computer scientist.
Sergei Skorobogatov has demonstrated that NAND mirr…

Enlarge (credit: Sergei Skorobogatov/YouTube)

Passcodes on iPhones can be hacked using store-bought electronic components worth less than $100 (£77), according to one Cambridge computer scientist.

Sergei Skorobogatov has demonstrated that NAND mirroring—the technique dismissed by James Comey, the director of the FBI, as unworkable—is actually a viable means of bypassing passcode entry limits on an Apple iPhone 5C. What's more, the technique, which involves soldering off the phone's flash memory chip, can be used on any model of iPhone up to the iPhone 6 Plus, which use the same type of LGA60 NAND chip. Later models, however, will require "more sophisticated equipment and FPGA test boards."

In a paper he wrote on the subject, Skorobogatov, a Russian senior research associate at the Cambridge Computer Laboratory's security group, confirmed that "any attacker with sufficient technical skills could repeat the experiment," and while the technique he used is quite fiddly, it should not present too much of an obstacle for a well-resourced branch of law enforcement.

Read 13 remaining paragraphs | Comments