iOS9 Jailbreak: Hackers just won a $1 Million Bounty for zero-day remote exploit
Security company Zerodium made the news a couple of months ago when they announced they would pay a 1 million dollar bounty to any team that successfully provided a remote jailbreak for the latest iPhones running the latest revision of iOS9.
Specifically, they stated:
ZERODIUM will pay out one million U.S. dollars ($1,000,000.00) to each individual or team who creates and submits to ZERODIUM an exclusive, browser-based, and untethered jailbreak for the latest Apple iOS 9 operating system and devices.
Zerodium announced yesterday on their Twitter account that the bounty has been claimed. This means a secret team of hackers has been able to jailbreak the latest iOS. The hack is also extremely convenient, as it is a remote hack with minimal intervention from the user. In other words, the jailbreak installs by simply visiting a web page (or potentially receiving an SMS).
Our iOS #0day bounty has expired & we have one winning team who made a remote browser-based iOS 9.1/9.2b #jailbreak (untethered). Congrats!
— Zerodium (@Zerodium) November 2, 2015
But if you are an iPhone owner and expect this Jailbreak to show up on your phone some time soon, you can stop dreaming. In exchange for the bounty, the hackers are (obviously?) selling the rights of the exploit and Jailbreak chain to Zerodium. The latest publicly available jailbreak was released recently for iOS 9.0 and 9.0.2.
Zerodium is in the business of selling exploits to national security agencies. This jailbreak will end up being sold to the NSA or some other agency, with the purpose of spying on some bad guys, and, probably, citizens as well (because why not).

$1 million might seem like an awful lot, but it’s not surprisingly high. iOS exploits sold for up to $250,000 three years ago, and with the rise of smartphone ownership it’s not surprising that the value is increasing.

(Forbes 2012)
Zerodium will most likely make much, much more money out of this bounty, a wise investment in other words.
How does the iOS9 remote Jailbreak work?
Because of the secrecy surrounding this whole deal, it is of course impossible to know how the jailbreak works, or the chain of exploits used to trigger it. But what’s guaranteed is that the exploit is designed in a way that minimal user interaction is required to install the jailbreak. This is, after all, intended to install a jailbreak without the user knowing.

The rules of the bounty stated, among other things:
The initial attack vector must be either:
– a web page targeting the mobile browser (Mobile Safari OR Google Chrome) in its default configuration; OR
– a web page targeting any application reachable through the browser; OR
– a text message and/or a multimedia file delivered through a SMS or MMS.
The whole exploitation/jailbreak process should be achievable remotely, reliably, silently, and without requiring any user interaction except visiting a web page or reading a SMS/MMS (attack vectors such as physical access, bluetooth, NFC, or baseband are not eligible for the Million Dollar iOS 9 Bug Bounty. ZERODIUM may, at its sole discretion, make a distinct offer to acquire such attack vectors.).
The exploit/jailbreak must support and work reliably on the following devices (32-bit and 64-bit when applicable):
– iPhone 6s / iPhone 6s Plus / iPhone 6 / iPhone 6 Plus
– iPhone 5 / iPhone 5c / iPhone 5s
– iPad Air 2 / iPad Air / iPad (4rd generation) / iPad (3th generation) / iPad mini 4 / iPad mini 2
A jailbreak of your iPhone might sound like a good thing, but in this scenario the goal is to break the iPhone's security protections, not to install cool stuff on it but to spy on the user.
Kind of cool, kind of scary. And also a great publicity stunt for Zerodium.
What do you think? Would you pay 1 million for a PS4 Jailbreak?
Source: Zerodium, thanks to @WaHaBKanderi
I would pay 1 million for a Vita Jailbreak.
Right
Why do ya doubt? The guy is egyptian.
And his avatar is a triangle inverted… Pyramid reference? Or.. Illuminati confirmed =O
Where's the Vita native hack and free games
With that kind of username you're sure to get your answer in heck..
i would pay 1 million to get someone to behead sony CEO and replace with a more flexible one instead of a tight *** ***
So they’re just criminal ***? I thought they paid the bounty to get the exploit fixed…
They aren’t criminals. What they're doing is 100% legal.
Then again if you have millions laws don’t apply to you like to normal common folks..
SAVE YOUR MONEY!
FREE METHOD IF YOU HAVE A Smartphone. (-THE DATA FEE) Just get an Android phone or use an iPhone that has been jailbroken.
Start a WI-FI HOTSPOT..
I DO IT ALL THE TIME.. SAME RESULT.
Wow! Talk about biting the hand that feeds you…
It'd be nice to have your Vita run Android or a way to use that phone SIM card with any carrier. I’m poor but I’ll pay $500 US to anyone who can do it 😉 I'M SERIOUS!
1 million dollars for anyone who managed to jailbreak the real… jails, like literally break the jails in any penitentiary/prison.
Money is a good motivation for hacking it brings out the best in a hacker. How about a Million Dollar for a hybrid OS like Android and Vita OS on a PS Vita.
Computer says no
This is actually a good idea, and if Sony were smarter, they would’ve made Vita open like Android and raked in the cash with $0.99 apps and games. By supporting independent developers instead of labeling them hackers and trying to punish free enterprise, they would advance the progression of technology instead of shooting themselves in the foot.
They (poorly) tried this with PSM. I don’t think they want to have another PSM. Even though they could have done it way better (like Windows Phone's ability to run Android apps for porting purposes).
The problem with this type of Jailbreak is that since we don’t know how this was achieved, us Jailbreakers don’t have a block against it. Changing your SSH password is a good start but not 100% safe.
I would pay 2 million (IF I HAD IT) to have a PS4 AND PS VITA exploit that would = to the PS3 AND PSP FULL KERNEL BASED EXPLOITS.
WHO THAT LOVES HACKED ELECTRONICS WOULDN'T?
IF THEY HAD THE $, $$$, $$$..