US Government would’ve paid Comex $250,000 for exclusive use of JailbreakMe

Mar 23, 2012

The jailbreak community owes a lot to adept hackers who find and exploit weaknesses in the design of the iOS mobile operating system, thus allowing Apple’s mobile gadgets to run unsanctioned software. More often than not, it’s a never-ending cat-and-mouse game between Apple and hackers that in the end benefits jailbreakers the most.

Say you’re an expert hacker who just figured out an exploit in one of Apple’s products. You could report your findings directly to Apple and help them plug those holes with a software update.

But did you know you could also hand over this valuable information to an exploit broker who will sell it to a government agency and net you a decent profit, minus the broker’s commission? A U.S. government agency, to be precise…

That’s exactly what an exploit broker who goes by the nickname “Grugq” has been doing in the past twelve months. A South Africa native, Grugq started out by hooking up his hacker friends with contacts in government a year ago.

Realizing he might as well charge for his networking skills, he’s now on track to earn a million in revenue this year, 80 percent coming from the U.S. market. Just last month he elicited the $250,000 payout for an iOS zero-day vulnerability sold to a U.S. government contractor.

Forbes has the story:

That iOS exploit price represents just one of the dozens of deals the Grugq has arranged in his year-old side career as a middle man for so-called “zero-day” exploits, hacking techniques that take advantage of secret vulnerabilities in software.

It’s a legit biz and others do it, too! This includes the likes of small companies such as Vupen, Endgame and Netragard, but also major defense contractors like Northrop Grumman and Raytheon. So in a nutshell, a small portion of U.S. taxpayers’ dollars is being spent on purchasing zero-day exploits.

Other buyers might include the Russian mafia (“they pay very little money”), the Chinese government (“the market is very depressed”) and various parties in regions like the Middle East and the rest of Asia.

That JailbreakMe 3.0 exploit by hacker Comex? Agencies would have been willing to pay as much as a quarter of a million dollars “for exclusive use of the attack”, Grugq says. It’s just business and you get to deal with suits working for various government agencies. He puts it best:

You’re basically selling commercial software, like anything else. It needs to be polished and come with documentation. The only difference is that you only sell one license, ever, and everyone calls you evil.

In case you were wondering – yes, iOS exploits command a much higher price than those targeting Android:

An iOS exploit pays more than one that targets Android devices partly because it requires defeating Apple’s significantly tougher security features. That means most agencies can simply develop their own Android attacks, the Grugq says, while ones that can penetrate the iPhone are rare and pricey.

Here’s a rough price list for zero-day exploits that author Andy Greenberg put together based on input from his sources. Interestingly enough, each price assumes an exclusive sale and not alerting the software’s vendor.

It goes without saying you need to get hooked up with a guy like Grugq with contacts in high places and negotiating skills to broker a deal for you. And most importantly, you have to be able to present a marketable and unique zero-day exploit.

Still, wouldn’t we all be this fortunate? Are folks like Grugq just savvy entrepreneurs or merchants of death trading the bullets of cyberwar?

Meet us in comments.

  • http://twitter.com/hxclos Carlitos 

    South Africa huh? I get emails from them all the time.

    • Dan

      same here, there’s always some exiled african prince who wants to wire me millions of dollars in return for some favor

  • http://twitter.com/therealjdizzle Jason Masters

    Article’s title is misleading? Yet even if this is true this would mean that the jailbreak community would become a business and all jailbreaks would cost money from here on out huh?

  • http://twitter.com/batman_313 Chris J

    this guy sounds like Nicolas Cage from Lord of War…

  • http://twitter.com/steelahlive Steelahlive

    Guess we know what ic0nic’s waiting on lol! Anyone else think ic0nic’s whole anti JB Release seems childish nana nana look what I have and you don’t? Someone should turn it into a direct tv commercial. When you jailbreak your device you get famous when you get famous you get a lot of Twitter followers when you get Twitter followers you get angry…..

  • Anonymous

    wow. very interesting article. kudos.

  • http://www.facebook.com/IhAcKaPpLe Christian Stevens

    This is BS! I’m sick of GREEDY PPL. LET THE JB COMMUNITY ENJOY OUR PHONE THE WAY IT SHOULD BE OUT OF THE BOX! However (I agree with the misleading title) I HAVE MUCH RESPECT FOR COMEX! It’s free software and will remain free software, by being patient! Shout out to COMEX, dev, legend, p0s, & anyone I left out. You’re true ppl and respectful. Eff these South African, Russian, and even the US Government (who have way more things to be using their time and especially MONEY!!!)

  • Anonymous

    Paid $250 000 by the government for selling the exploit, sued by Apple for millions for selling said exploit lol … Now that sounds like what would happen.

  • Anonymous

    Lol I call bullshit on this article.

    • http://pulse.yahoo.com/_2JFDZXSTUH2HWGIM6NSZX66KWA Kurt

      Also bs that iOS exploit would get the most. Just like the hoax about safari users being the most intelligent. Why do people believe this crap

  • http://www.iTechBlog.in/ taran

    Man…i wish i cud find an exploit…

  • Anonymous

    This will slow down the speed for public JB releases or we might never get them. Everything is a business nowadays.

  • Anonymous

    It’s ‘grugq’ not ‘grusq’.

    Also, to all those calling BS: it isn’t. Stuxnet is proof of how much effort governmental malware writers are willing to go to and they need to get their exploits from somewhere. iOS rates so high because of its deployment status in government departments around the world.

  • Anonymous

    Also, this doesn’t mean jailbreaks are no longer going to be free, because they will. This business has been around since before the iPhone was even designed. It’s just saying that an exploit of that calibre and reliability is in hot demand in other places.

  • http://twitter.com/x_rus_x Vitaliy Anonymous

    It is Grugq, not Grusq.

  • Anonymous

    grugq the movie, coming to a cinema near you. that would make an awesome movie.

  • Joshua Abbate

    I knew our gov. was evil. they want hackers so that every bit of tech in the world can be accessed. Just imagine, everyone in office able to see everything and anything they want about us through our own tech. LIVE. America officially sucks.

  • http://profile.yahoo.com/Y3FEP67RXSMNV3TYR34AYNCCGI محمد