The strong belief that Apple’s iPhone’s or iOS’s security is impenetrable, could be shaken, at least in the short-term. Underground marketplaces that trade in secret but successfully exploitable flaws and vulnerabilities in iOS, the OS that runs exclusively on Apple iPhones, appears to have indicated the changing perception. For the first time, any secret hacking tool capable of remotely taking control of an Android smartphone without user interaction commands a higher price than its iPhone equivalent.
Zerodium First Reduces Then Suspends Buying iOS Security Exploits Due to Abundance of Flaws?
Zerodium, which buys and sells so-called zero-day exploits that take advantage of secret software vulnerabilities, announced that it has temporarily suspended purchasing new iOS Local Privilege Escalation, Safari Remote Code Execution, or sandbox exploits, for the next few months. Additionally, the company published an updated price list for the security vulnerabilities for iOS and Android smartphone OS.
— Zerodium (@Zerodium) May 13, 2020 The suspension comes after the company reportedly started receiving a high number of submissions for exploits within the Apple iOS. The company claimed it will still be accepting iOS one-click chains (e.g. via Safari) without persistence. However, the prices for the same have been significantly reduced, and interestingly, the prices for iOS security flaws now sits below those within Android OS.
— Chaouki Bekrar (@cBekrar) May 13, 2020 Zerodium’s CEO Chaouki Bekrar had a rather strong choice of words to describe the current state of iOS security. He claimed that only Pointer Authentication Code and non-persistence exploits are keeping the iOS security afloat. He additionally claimed that there are still enough exploits in these categories. Needless to add, such claims should be concerning for Apple which prides itself on the highly impenetrable security layers within the iOS. Coming to the pricing list of security vulnerabilities, Zerodium now offers up to $2.5 million for a zero-click hacking technique that fully and silently takes over an Android phone with no interaction from the target user. In simple words,any exploit that does not require any user interaction within an Android OS commands the high price. Incidentally, this is still a rare occurrence. Still, any similar vulnerability within an Apple iOS has a price that’s $500,000 less than Android.
Is Apple iOS for iPhones Less Secure Than Android?
It is rather strange to see the offer price for security exploits within Apple iOS commanding a lesser price than those within Android OS. Moreover, it is also a fact that Android, backed by Google and largely driven by the company’s services, has improved significantly in the past few iterations. Android is now far more secure than before. Additionally, Google is constantly improving the security with algorithms that being trained by AI and data.
— CybSploit (@cybsploit) May 12, 2020 Apple’s iOS is still considered very secure. The company has a rigorous vetting process for its curated Apple App Store. Hence experts insist that the claims by Zerodium’s could be exaggerated. They indicate that hackers, malicious code writers, and others might be refocusing on Apple’s iOS. Moreover, with the current situation, hackers might have more time to try harder to penetrate iOS security.
