Million Dollar Bounty Claimed for an iPhone Vulnerability

Cash2.jpgIt is a million dollar payday for vulnerability researchers who found an iPhone 0-Day hack.  Recently, Zerodium recently announced the sizeable payout to a team of hackers who successfully developed a technique which can target the Apple operating system.  This exploitable code-weakness is reported to be able to undermine the security of any iPhone or iPad which visits a maliciously created website. 

With such monetary rewards, the reflection of a true market value, this trend of high profile research will continue.  It is a double-edged sword and both helps bolster long term product security as well as undermining it in the short term.  Vulnerability discoveries bring to light existing weaknesses and tend to motivate developers to invest more resources in improving security in their products.  It is much less expensive and embarrassing to squash such bugs before products are released versus after they are in the hands of customers.  On the darker side, such discoveries may allow exclusive access to the highest bidder for a period of time, until the vendor can figure out the problem and apply a suitable fix. 

The cybersecurity industry is still in its infancy and vulnerability research is a hotly debated topic.  We have a lot to learn and experience before we reach a healthy state.  One thing is for sure: the economic impacts are growing.  Just ask those who will be cashing a million dollar check or those tasked with finding a way to protect vulnerable systems.  The costs, impacts, and opportunities of security are going up.  Consider if such hacks are worth a million dollars today, what price will such desirable vulnerabilities command in a year from now? 

Twitter: @Matt_Rosenquist

Intel IT Network: Collection of My Previous Posts


Published on Categories Archive
Matthew Rosenquist

About Matthew Rosenquist

Matthew Rosenquist is a Cybersecurity Strategist for Intel Corp and benefits from 20+ years in the field of security. He specializes in strategy, measuring value, and developing cost effective capabilities and organizations which deliver optimal levels of security. Matthew helped with the formation of the Intel Security Group, an industry leading organization bringing together security across hardware, firmware, software and services. An outspoken advocate of cybersecurity, he strives to advance the industry and his guidance can be heard at conferences, and found in whitepapers, articles, and blogs.