Apple's iOS 10 is merely a month old yet hackers have been going at it hammer and tongs trying to crack it open, and now one security company is offering a huge bounty of $1.5m (£1.1m) for anyone who can find a zero-day vulnerability in the software.
But don't think this is a malicious act. It's all in the name of white hat hacking by security researchers (who might find some financial gain). Zerodium is a broker of software exploits, selling on discovered security holes to companies who are able to patch problems before they get out of hand, hence the name 'zero day', as the flaw is found before the vendor finds it. Here, the US-based company has announced that it will offer its biggest reward for zero-day exploits found in iOS 10, breaking the bank for those who can break into an iPhone remotely.
In the wrong hands, a discovered flaw that a developer didn't spot could prove costly for a company, which is why it offers rewards to those who find one, in a bid to persuade hackers not to unleash chaos. Bug bounties are becoming more common among companies who choose to cut out brokers. However, companies do not reward individuals anywhere near this $1.5m sum. Apple has only just launched its own bug bounty programme but pays only up to $200,000.
In 2015, Zerodium put up a $500,000 bounty for exploits found in iOS 9, with Android exploits fetching up to $100,000. With iPhones allegedly harder to crack than Android handsets, the price is higher, and with the increased levels of security on iOS 10, as well as the difficult nature of remotely hacking into an iPhone, this year's price has tripled. Last year's bounty was only available for a limited time, with one team claiming the prize for remotely jailbreaking iOS 9 on an iPhone, but now Zerodium has said it will keep the bounty open permanently.
Zerodium isn't just targeting smartphone software; the company also pays out to those who find security vulnerabilities in PC software like Microsoft Office products, and for particular exploits found in some browsers such as Safari on Mac. The table of its bounties is seen below.
Considering the number of smartphone owners and the amount of valuable data stashed on them that could be vulnerable to malicious actors or state-sponsored attacks, the $1.5m bounty sounds like a relative snip.