In order to gain access to San Bernardino shooter’s iPhone 5c beyond the Lock screen, the United States government eventually had to pay through the nose to a third-party to exploit a little-known iOS vulnerability and break into the device. According to FBI director James Comey, the agency paid at least $1.3 million for the hack.
Analyzing the black market for so-called zero-day iPhone vulnerabilities, a top Apple security engineer is actually pleased by the fact that they command steep prices because it means they’re rare and difficult to pull off, Business Insider reported Monday.
Ivan Krstić, head of Apple’s security engineering and architecture, explained in a talk given at Apple’s annual conference last week about how Apple approaches security.
Krstić’s team uses “indirect metrics” to evaluate how well they’re doing, and one of those metrics is the black market prices for iPhone zero-day exploits:
As probably most of you know, there is a black market for software vulnerabilities, and once in a while some of the prices on the black market become known. Usually these prices are tens of thousands of dollars, sometimes $100,000. Take that with a grain of salt, but it’s a fascinating number to think about. What you’re seeing now is the result of a decade of our best work in protecting our users.
Apple employs so-called top to bottom security model which relies on a number of software protections and code signing built into iOS, coupling software-based approach with full device encryption realized in hardware, via Secure Enclave, a coprocessor inside the main processor which stores encryption and device keys and handles encryption, Apple Pay, Touch ID.
RELATED: A closer look at Differential Privacy in iOS 10
Because Apple “builds security into every level,” malicious users typically have to take advantage of five to ten separate vulnerabilities. This is one of the key reasons why the iPhone, in Krstić’s own words, hasn’t had a virus or malware problem at scale over the past nine years.
RELATED: Apple explains why it’s left iOS 10 kernel purposefully unencrypted
Unlike Microsoft, Facebook and Google, Apple does not have a bug bounty program that would encourage hackers to actually sell any vulnerabilities discovered in iOS directly to Apple, which is one method of clamping down on the black market for zero-day exploits, although the company credits those who find such bugs.
Source: Business Insider