The Black Market for iPhone Vulnerabilities

Apple has never acknowledged the black market that exists where hackers are able to use zero-day security vulnerabilities to bypass the iOS protection system. Now, Ivan Krstić, head of security engineering and architecture for Apple revealed during his talk at Apple’s annual conference last week what he thinks about such vulnerabilities. Krstić says that since it is not possible to objectively measure security mechanism employed, he uses “indirect metrics” like the black market prices for hacking into an iPhone. The higher the amount, the better the security team over at Apple is doing their job.

On an average, it takes anywhere between tens of thousands of dollars to up to $100,000 to bypass the security mechanism employed in Windows and Android. For iOS though, this figure is reportedly pegged at around $1 million and higher.

“Take that with a grain of salt, but it’s a fascinating number to think about,” Krstić said. “What you’re seeing now is the result of a decade of our best work in protecting our users.”

Krstić also bragged how the iPhone has not had a major virus or malware problem affecting millions of its users over all these years.

Interestingly, while Microsoft and Google offer bug bounty programs where they give reward to black hat hackers for finding vulnerabilities in their software, Apple does not. Instead, the company publicly credits people for finding such bugs and vulnerabilities in their software and that’s about it.

[Via Business Insider]