No-click hack for the iPhone now worth “just” $2 million

Sep 4, 2019 09:59 GMT  ·  By

There was a time when iPhones were considered nearly impossible to hack, mostly because the number of exploits aimed at Apple devices was extremely small and whenever new ones were discovered, the Cupertino-based tech giant patched them really fast.

The security level of iPhones, however, has become a more controversial topic lately, and the continuously increasing number of exploits discovered by researchers across the world has once again served as a reminder that there’s no such thing as an unhackable phone.

But what’s worse for Apple is that many of these exploits are aimed at iPhones, and some revealed that the company’s devices have been exposed to hackers for many years already.

Given all of this, the price of working exploits for the iPhone dropped significantly, for the first time becoming cheaper than the ones aimed at Android devices.

Zerodium, a company that trades exploits for the two platforms, told Vice that the avalanche of iPhone hacks made Android attacks more valuable.

“The zero-day market is flooded by iOS exploits, mostly Safari and iMessage chains, mainly due to a lot of security researchers having turned their focus into full time iOS exploitation. They’ve absolutely destroyed iOS security and mitigations. There are so many iOS exploits that we’re starting to refuse some of them,” Zerodium founder Chaouki Bekrar explained.

iOS 13 just around the corner

On the other hand, Bekrar says that finding an Android hack is more “time consuming” and “harder,” explaining that a working exploit for Google’s platform is worth $2.5 million. A no-click iPhone vulnerability, which allows the device to be compromised without any interaction required from the user, now costs “just” $2.5 million. When one click is needed on the user side, the price drops to $1 million for the iPhone exploit, down from the previous price of $1.5 million.

Andrea Zapparoli Manzoni, director of Crowdfense, a company that also trades zero-day exploits, says that Android’s fragmentation actually helps the platform overall.

“Android is such a fragmented landscape that a ‘universal chain’ is almost impossible to find; much harder than on iOS which is a ‘monoculture,’” he said.

Meanwhile, Apple sticks to what it does best: remaining completely tight-lipped on its long-term plans despite all the working exploits discovered lately.

iOS 13 is just around the corner, and it’ll be interesting to see to what degree it manages to resolve the security issue on iPhones.