A security firm named Zerodium has promised to pay hackers a $1 million bounty to find a zero-day (same-day) security exploit in Apple's iOS 9. Such a vulnerability bug would allow hackers to control iPhone and iPad devices. The French company would likely sell hacked data to groups such as the United States' National Security Agency (NSA), based on the founder's past customers that have included North Atlantic Treaty Organization (NATO) countries and "partners."
Zerodium made a blog post on September 21, Monday. It stated that while Apple's iOS is the securest mobile device OS, all operating systems have critical security bugs and is thus not unhackable, according to ArsTechnica.
The company would pay $3 million for remote access of an iOS device. Meanwhile the $1 million is for browser- based cyberattacks through iOS 9.
Zerodium founder Chaouki Bekrar has a history of selling intelligence info to groups such as the NSA. The American Civil Liberties Union (ACLU) has referred to Bekrar as a "merchant of death" who sells cyberwar "bullets," according to Gizmodo. He is uncaring about the data's use.
The $1 million prize money for a zero-day vulnerability is a world record. Many hackers will likely try to cash in, although repressive governments could end up with the hacked data.
The security firm's nefarious contest has rules. For instance, the cyberattack must be workable through a Safari or Google Chrome mobile browser, or an SMS text message. In addition, the exploit must be done completely remotely.
Zerodium's cyberwar contest will run until October 31. It will end sooner if three winning hacks are submitted by the deadline.