Team claims $1 million bounty for remotely jailbreaking iOS 9.1 & 9.2

Comments

  • Reply 21 of 78
    kent909 Posts: 703 member

    How do these guys get a return on their investment to get the 1 mil. back?

  • Reply 22 of 78
    hill60 Posts: 6,989 member

    Good thing I don't use chrome, means it won't work.

  • Reply 23 of 78
    brakken Posts: 677 member
    Goog continuing to fail security; damages key partners.
    It's a matter of time before Chrome breaks iOS' infallible security.
    Hackers we love: keeping us safe from 'Big Brother'.

    Just thunking of better headlines... ;)
  • Reply 24 of 78
    solipsismy Posts: 5,099 member
    fallenjt wrote: »
    Good luck with the remote jailbreak. I'm no longer believing in this. Since iOS 7, no remote jailbreak ever happened. 9.1? I doubt it.

    We don't know they weren't. We only know that no such evidence was made public. With all the news about the Feds being upset that Apple isn't giving them a backdoor don't you think they would like look for root access and then keep it under wraps; and not just the US gov't.

    lkrupp wrote: »
    Is there a reason we should even believe this? Is everything you read in the Internet true?

    It seems more of a stretch that this is a giant hoax between these two companies.

    hill60 wrote: »
    Good thing I don't use chrome, means it won't work.

    "Making the jailbreak remotely triggerable via Safari or Chrome requires at least two to three additional exploits."

    Maybe this one uses something in the upper levels of the Chrome browser on iOS to execute something else, but I'd wager that if it works with Chrome on iOS it will likely work with Safari on iOS.
  • Reply 25 of 78
    foggyhill Posts: 4,767 member
    Quote:

    Originally Posted by SolipsismY

    We don't know they weren't. We only know that no such evidence was made public. With all the news about the Feds being upset that Apple isn't giving them a backdoor don't you think they would like look for root access and then keep it under wraps; and not just the US gov't.

    It seems more of a stretch that this is a giant hoax between these two companies.

    "Making the jailbreak remotely triggerable via Safari or Chrome requires at least two to three additional exploits."



    Maybe this one uses something in the upper levels of the Chrome browser on iOS to execute something else, but I'd wager that if it works with Chrome on iOS it will likely work with Safari on iOS.

     

    Maybe not, if the exploit needed is in an iOS API that Chrome is using, it may only be an exploit in Chrome.

    So, yes, the bug in theory would exist in Safari, doesn't mean you could use it.

    Often it takes a series of small exploits chained to do a jailbreak.

    Of course, Apple should fix it so no third party bug could do anything anyway (make sure APIs have no bugs).

    So, hey! Who knows really.

  • Reply 26 of 78
    evilution Posts: 1,345 member
    Quote:

    Originally Posted by eightzero

    Hum. How is it Zerodium isn't a defendant in a suit by Apple?

    Because Zerodium probably is Apple. Who else has 1 million to splash on testing iOS?

  • Reply 27 of 78
    Quote:

    Originally Posted by mstone

     

    Not sure where you got that data. The links below seem to be some of the most detailed I could find.

     

    Android known exploits since 2009-05-26 

    Total = 138

    https://www.cvedetails.com/vulnerability-list/vendor_id-1224/product_id-19997/Google-Android.html

     

    iPhone known exploits since 2007-07-23

    Total = 749

    https://www.cvedetails.com/vulnerability-list/vendor_id-49/product_id-15556/Apple-Iphone-Os.html




    Those were vulnerabilities, and this is malware statistics for iOS and Android in 2013.

    Android had a smashing success with its 95-97% among ALL infections for all mobile devices, while iOS got less than 1% of all malware...and that 1% was mostly down to China and Jailbroken devices.

    http://fortune.com/2013/04/14/android-gets-97-of-malware-apple-ios-58-of-enterprise/



    Let me ask you, if iOS got 6 times more vulnerabilities, why malware gets created PRIMARILY for Android (like 1:95)? That feels like those iOS vulnerabilities are superficial, compared to what Android is offering to malware creators...hence the stats..

     

  • Reply 28 of 78
    gatorguy Posts: 20,036 member

    Those were vulnerabilities, and this is malware statistics for iOS and Android in 2013.

    Android had a smashing success with its 95-97% among ALL infections for all mobile devices, while iOS got less than 1% of all malware...and that 1% was mostly down to China and Jailbroken devices.
    http://fortune.com/2013/04/14/android-gets-97-of-malware-apple-ios-58-of-enterprise/

    Let me ask you, if iOS got 6 times more vulnerabilities, why malware gets created PRIMARILY for Android (like 1:95)? That feels like those iOS vulnerabilities are superficial, compared to what Android is offering to malware creators...hence the stats..

     
    Don't misread "designed to attack Android" for actual Android malware that worked, nor is "malware" defined in that article in the first place. TBH if you use the definition of malware from security companies like McAfee there's likely millions of iOS apps that would be considered malware since some collect unnecessary data and not disclosed to the user. Could be for ads. Could be noting location. Could be collecting your contacts. That's the type of stuff used for some of the Android malware statistics stories.

    EDIT: The Tennessee Titans offense is "designed to attack" real NFL defenses successfully. Doesn't mean it works that way. :D
  • Reply 29 of 78
    Quote:
    Originally Posted by Gatorguy

    Don't misread "designed to attack Android" for actual Android malware that worked, nor is "malware" defined in that article in the first place. TBH if you use the definition of malware from security companies like McAfee there's likely millions of iOS apps that would be considered malware since some collect unnecessary data and not disclosed to the user. Could be for ads. Could be noting location. Could be collecting your contacts. That's the type of stuff used for some of the Android malware statistics stories.



    EDIT: The Tennessee Titans offense is "designed to attack" real NFL defenses successfully. Doesn't mean it works that way. :D



    In the attempt to downplay the whole issue you created a huge and fat strawman. ))

    However that strawman argument still gets disproven by statistics.

    http://bgr.com/2015/02/17/android-vs-windows-malware-infection/



    97%  INFECTED and not just potentially infected belong to Android, while iOS gets less than 1%.

    Notice that in the article it says - 
    Meanwhile, the research showed that less than 1% of infections affected iPhone and BlackBerry smartphones.

    Notice it says "AFFECTED", and not just "designed to attack iOS".

    "Doesn't mean it works that way. :D"

    Yea, sadly, it does work that way for Android and no hand-waving and fact-downplaying can eliminate the problem. Better programming and better specialists for Google however would eliminate that, but also for that Google would need to have a different model for its Android OS - something that Google does NOT have. :)

    But, hell, on Android you can make your keyboard pink or zebra-like (although I don't know why people think that it is freedom to be able to paint UI with a certain color, which they usually choose so tastelessly)

  • Reply 30 of 78
    gatorguy Posts: 20,036 member

    In the attempt to downplay the whole issue you created a huge and fat strawman. ))

    However that strawman argument still gets disproven by statistics.
    http://bgr.com/2015/02/17/android-vs-windows-malware-infection/


    97%  INFECTED and not just potentially infected belong to Android, while iOS gets less than 1%.

    Notice that in the article it says - 
    Meanwhile, the research showed that less than 1% of infections affected iPhone and BlackBerry smartphones.

    Notice it says "AFFECTED", and not just "designed to attack iOS".

     
    Strawman? Seems it's just as I wrote. Read how the report defined malware. Using that metric millions of iOS devices have been infected with malware just this year, and that's only the ones you factually know of. Remember the recent story about Apple's AppStore in China?

    I think there might be some inconsistency on the part of security software providers when putting these reports together but just guessing. Can you think of any reason a 3rd party security provider might benefit from overstating the danger to one platform over another?
  • Reply 31 of 78
    Quote:
    Originally Posted by macinthe408



    Headlines tomorrow: "NSA and Apple have deal to install backdoors on iPhones running iOS 9. More after this commercial..."

     

    Backdoors are not necessary. They're already in. All that's needed is motivation and an ip address.

     

    Quote:
    Originally Posted by Brian Jojade

     

    Now, if someone can crack a purely native device with no third party pieces installed, that would be big news.


     

    That's a pretty limited type of device. Like a desk calculator or a Pebble.

     

    Quote:
    Originally Posted by Anton Zuykov

     



    In the attempt to downplay the whole issue you created a huge and fat strawman. ))

    However that strawman argument still gets disproven by statistics.

    http://bgr.com/2015/02/17/android-vs-windows-malware-infection/

     


     

     

    We're using a sensationalist article for stats? Why not link to actual studies? The article you posted has this nonsense right in the middle of it: "DON’T MISS: This terrifying iOS malware could infect your iPhone without a jailbreak"

  • Reply 32 of 78
    Quote:

    Originally Posted by Gatorguy





    Strawman? Seems it's just as I wrote. Read how the report defined malware. Using that metric millions of iOS devices have been infected with malware just this year. Remember the recent story about Apple's AppStore in China?



    I do. 250 apps that have already been pulled off the store.

    There is a problem with this logic. Apple has ability to pull certificates of apps consequently making them inaccessible for new downloads. Also the moment you pull a certificate, you are unable to launch that app from the device regardless of whether you already downloaded it or not.



    However that is not the case with Android. Add to it "freedom" of using third party apps that seems to be a very normal way of downloading apps (not from Google store), and you will get a slightly more interesting picture.

     

  • Reply 33 of 78
    Quote:

     

    We're using a sensationalist article for stats? Why not link to actual studies? The article you posted has this nonsense right in the middle of it: "DON’T MISS: This terrifying iOS malware could infect your iPhone without a jailbreak"




    Yes, for that you would need to enable third party app launching. And that is not done automatically nor can it be done through simple pop-up message. You literally have to know where to go into settings of the iOS in order to enable that particular app (that you just accidentally downloaded from a weird website) and then accidentally enable app's developer as well as confirm that you need to run that app.

    And then you get a spyware...What a shocker!

    That is just as terrifying as a prospect of Siri being "potentially" hijacked through the mic and radio transmitter ..



    Did you even read what that link points to?

  • Reply 34 of 78
    gatorguy Posts: 20,036 member

    I do. 250 apps that have already been pulled off the store.

    There is a problem with this logic. Apple has ability to pull certificates of apps consequently making them inaccessible for new downloads. Also the moment you pull a certificate, you are unable to launch that app from the device regardless of whether you already downloaded it or not.


    However that is not the case with Android.

     
    Huh? Where did you pull that from? Google disables apps found to be acting counter to their original intent on users devices using Verify Apps. To their credit it even scans sideloaded apps coming from sometimes questionable 3rd party sites that require owners purposefully disabling the default Google Android security settings. Disable Apple security settings to load some of the 3rd party apps (for instance jailbreak) and you're on your own, correct?
  • Reply 35 of 78
    Quote:
    Originally Posted by Gatorguy





    Huh? Where did you pull that from? Google disables apps found to be acting counter to their original intent on users devices using Verify Apps. To their credit it even scans sideloaded apps coming from sometimes questionable 3rd party sites that require owners purposefully disabling the default Google Android security settings.

    Huh? Google verification?

    MMS based virus gets apps installed on Android phones without any verification or root level access.


    http://www.pcworld.com/article/2953052/security/most-android-phones-can-be-hacked-with-a-simple-mms-message-or-multimedia-file.html

    That was not a major security breach, right? )

    App verification will not help in that case either.



     

  • Reply 36 of 78
    Quote:
    Originally Posted by Gatorguy





    Huh? Where did you pull that from? 

    Now you can cue in the next stupid "huh?" comment on 3...2...1.

  • Reply 37 of 78
    Quote:

    Originally Posted by Anton Zuykov

     

    Did you even read what that link points to?


     

    No, because it's sensational trash. It's not actually terrifying. They left iOS 7, which is relevant and useful information, out of the headline because then nobody would go read it.

  • Reply 38 of 78
    gatorguy Posts: 20,036 member
    Huh? Google verification?

    MMS based virus gets apps installed on Android phones without any verification or root level access.

    http://www.pcworld.com/article/2953052/security/most-android-phones-can-be-hacked-with-a-simple-mms-message-or-multimedia-file.html

    That was not a major security breach, right? )


     
    There's actual instances of that happening? How many devices were breached? (Answer: Apparently none). What you've linked to is a proof-of-concept found by a researcher. He also did the right thing by notifying Google before publishing and allowing the Android team to promptly issue a patch. Nice when they do that for Apple and just as nice when they handle it that way with Google.

    By the way, there are no Android viruses (nor iOS ones for that matter). I think you've confused it with general malware, primarily apps that collect undisclosed or unnecessary user data.

    Here's a pertinent read for you. When put on the spot, if the security companies that provide "anti-virus apps" back off the suggestion that Android is infested with viruses/malware, that should be telling you more than the sensationalist click-bait articles you seem to be drawn to.
    http://www.digitaltrends.com/mobile/do-you-need-antivirus-on-android/
  • Reply 39 of 78
    indyfx Posts: 319 member
    Quote:
    Originally Posted by Anton Zuykov

     



    Those were vulnerabilities, and this is malware statistics for iOS and Android in 2013.

    Android had a smashing success with its 95-97% among ALL infections for all mobile devices, while iOS got less than 1% of all malware...and that 1% was mostly down to China and Jailbroken devices.

    http://fortune.com/2013/04/14/android-gets-97-of-malware-apple-ios-58-of-enterprise/



    Let me ask you, if iOS got 6 times more vulnerabilities, why malware gets created PRIMARILY for Android (like 1:95)? That feels like those iOS vulnerabilities are superficial, compared to what Android is offering to malware creators...hence the stats..

     


     

    Ah Anton you beat me to it... (by about 5 hrs ;-)

    I was going to say the 1-100 figure wasn't necessarily "pulled from thin air" in that it is the approximate attack ratio between android and iOS (for every iOS device compromise about 100 android devices are) I didn't know that the majority of iOS devices compromised were jailbroken phones. That likely makes the successful attack/compromise ratio something like 1000-1 or higher (provided you don't jailbreak your iPhone)

     

    It's interesting, windows fans made the same kinds of argument. They would show all kinds of stats showing how many more compromise vectors OS X had (vs windows) even though in the real world >99.9% of the virus and malware attacks were on windows (they explained that away using the "security by obscurity" nonsense) Given that apple dominates the smartphone market I wonder what the android fans rationale is (given their stats that android is "similarly" or even more secure to iOS) I mean when 99.9% of devices successfully attacked are android it does fly a bit in the face of common sense to try to erect an argument that android is secure (at all)

     

    I also find it interesting that this requires installing google software (this only works on chrome not safari)... You know what this (particularly in combination with the apparent ease and regularity with which googols android OS is attacked) says to me?

    That's right... don't install googol software on my iPhone. There, problem solved.

  • Reply 40 of 78
    gatorguy Posts: 20,036 member
    indyfx wrote: »
    I also find it interesting that this requires installing google software (this only works on chrome not safari)... You know what this (particularly in combination with the apparent ease and regularity with which googols android OS is attacked) says to me?
    That's right... don't install googol software on my iPhone. There, problem solved.
    Where was the claim it doesn't work with Safari? Missed that one.