Zerodium, a security company that offers a set of bounties for previously unknown software vulnerabilities, has increased its reward for a working iOS 10 hack to $1.5 million.
Specifically, the company is looking for a zero-day remote jailbreak in iOS 10, which means removing Apple’s software restrictions on an iOS 10 device you don’t physically have access to. The “zero-day” bit, in hacking terminology, means the exploit has not been publicly disclosed (and thus Apple would have zero days to fix it after it became active).
Sounds like easy money? Well, this is exactly the sort of thing the U.S. government spent more than a month looking for when it wanted to hack into an iPhone that was used by San Bernardino gunman Syed Farook — and that was for an old version of iOS. Unsurprisingly, governments are mostly the type of clients Zerodium is working with, alongside major corporations.
Zerodium claims the new iOS 10 bounty — a hefty increase from the $1 million bounty the company gave out for iOS 9 hacks — is permanent.
“We’ve increased the price due to the increased security for both iOS 10 and Android 7. We would like to attract more researchers all year long,” company founder Chaouki Bekrar told Wired.
The company also increased bounties for bugs in Android 7 Nougat (from $100,000 to $200,000), Flash (from $80,000 to $100,000), and the Safari and Edge browsers (both from $50,000 to $80,000), among others.
As for the typical iOS and Android users — that’s most of us, really — well, we’ll likely find out about these bugs a few years after they’ve been found and exploited to death.