iOS 9 Can Now Finally Be Remotely Jailbroken — but YOU Can’t Do It
Posted on November 2nd, 2015 by Graham Cluley
Bad news iOS 9 users. Someone has developed a way of jailbreaking your iPhone or iPad and spying on you, in a way that is currently unstoppable.
And don’t for a second think that someone isn’t going to be hit by the attack — because huge amounts of money have already been spent discovering how to do it.
Last month we told you how a group of Chinese hackers had found a way to jailbreak devices running iOS 9, opening the door for those who want to install unapproved apps onto iPhones and iPads.
There was, however, one big problem with Pangu Team’s jailbreak — it required physical access to the device that you wanted to break into.
Now, that probably wasn’t a problem if you wanted to jailbreak your own iPhone or iPad, but imagine if you were an intelligence agency with a keen interest in spying on someone’s activity and communications without their knowledge. Requiring physical access to your target’s device dramatically reduces the chances of successful snooping.
Well, if you are in the business of state-sponsored espionage you need fear no more. Vulnerability researchers have now developed a method of remotely jailbreaking the latest version of iOS.
Yes, just last month controversial vulnerability broker Zerodium announced that it was stumping up a one million dollar bounty for anyone who could provide them with a browser-based, untethered jailbreak for iOS 9 — and it seems someone has now achieved it.
Our iOS #0day bounty has expired & we have one winning team who made a remote browser-based iOS 9.1/9.2b #jailbreak (untethered). Congrats!
— Zerodium (@Zerodium) November 2, 2015
If what Zerodium says is true, then it’s now possible to jailbreak an iPhone running iOS 9 by simply tricking it into visiting a webpage hosting a zero-day exploit or sending it a booby-trapped SMS message.
The twist is, of course, that unless you have a large amount of money burning a hole in your pocket, Zerodium isn’t going to let you have details of the jailbreak. In fact, it’s perfectly possible that they won’t make it available to Apple either — which means that our chances of getting a rapid fix to the vulnerability currently remain low.
Instead, Zerodium will be looking to claw back some of the hefty amount of cash it will have paid for the vulnerability by selling it to those who have the desire and means to pay a large amount of money — such as intelligence agencies that would quite like to use it to spy on targets such as foreign politicians and military contractors.
And, of course, it’s highly unlikely that anyone paying for the vulnerability will be keen to release details of the zero-day flaw publicly, potentially tipping off foreign states and intended targets to the surveillance danger.
In an interview with Wired, Zerodium’s founder Chaouki Bekrar said that two teams had separately attempted to claim the iOS 9 jailbreak bounty, but one had only been partially successful with its exploit.
My guess is that even Apple — with the huge amount of money at its disposal — won’t be keen to be bent over a barrel by vulnerability broker firms like Zerodium, and so the vulnerability won’t be shared with the one group of developers that might be able to do everyone with an iOS device a favour, and provide an official patch.
The one silver lining, at least for now, is that because of the high expense of the new jailbreaking exploit it is unlikely to be used in a widespread attack — instead, whoever stumps up the cash is likely to use it in very targeted situations, hoping that the jailbreak doesn’t leak into the wild, dramatically reducing its potency in future hacks.