On September 21, “Premium” 0day startup Zerodium put out a call for a chain of exploits, starting with a browser, that enables the phone to be remotely jailbroken and arbitrary applications to be installed with root / administrator permissions. In short, a complete remote takeover of the phone. And they offered $1 million. A little over a month later, it looks like they’ve got their first claim. The hack has yet to be verified and the payout is actually made.
But we have little doubt that the hack, if it’s actually been done, is worth the money. The NSA alone has a $25 million annual budget for buying 0days and usually spends that money on much smaller bits and bobs. This hack, if it works, is huge. And the NSA isn’t the only agency that’s interested in spying on folks with iPhones.
Indeed, by bringing something like this out into the open, Zerodium is creating a bidding war among (presumably) adversarial parties. We’re not sure about the ethics of all this (OK, it’s downright shady) but it’s not currently illegal and by pitting various spy agencies (presumably) against each other, they’re almost sure to get their $1 million back with some cream on top.
We’ve seen a lot of bug bounty programs out there. Tossing “firmname bug bounty” into a search engine of your choice will probably come up with a hit for most
firmnames. A notable exception in Silicon Valley? Apple. They let you do their debugging work for free. How long this will last is anyone’s guess, but if this Zerodium deal ends up being for real, it looks like they’re severely underpaying.
And if you’re working on your own iPhone remote exploits, don’t be discouraged. Zerodium still claims to have money for two more $1 million payouts. (And with that your humble author shrugs his shoulders and turns the soldering iron back on.)
Thereifixedit.com is a site filled with dubious innovations. Some of them are cool, some of them are clever, and most of them are terrifying. Anyone who has ever stood in front of a broken household appliance with a roll of duct tape, one screw driver with a bit chipped off the flat part, and determination will laugh themselves silly browsing through this site. Maybe some of the ghetto hacks we covered before should be in this list.
[Thanks for the link Dad]
Less than a week after American Airlines introduced in-flight internet, hackers have already figured out how to use the system to make VoIP calls in a few easy steps with Phweet, a Twitter application. While the network blocks most VoIP services, Phweet can connect two people using a Flash app. Aircell, the company responsible for the system, is aware of the oversight, but it remains to be seen whether this little loophole will be fixed in a timely manner. Meanwhile, we encourage those of you who do fly on American Airlines to avoid making those phone calls; your neighbor would probably appreciate it.
Security-Hacks has a great roundup of essential Bluetooth hacking tools. As they point out, Bluetooth technology is very useful for communication with mobile devices. However, it is also vulnerable to privacy and security invasions. Learning the ins and outs of these tools will allow you to familiarize yourself with Bluetooth vulnerabilities and strengths, and enable you to protect yourself from attackers. The list is separated into two parts – tools to detect Bluetooth devices, and tools to hack into Bluetooth devices. Check out BlueScanner, which will detect Bluetooth-enabled devices, and will extract as much information as possible from those devices. Other great tools to explore include BTCrawler, which scans for Windows Mobile devices, or Bluediving, which is a Bluetooth penetration suite, and offers some unique features like the ability to spoof Bluetooth addresses, and an L2CAP packet generator. Most of the tools are available for use with Linux platforms, but there are a few you can also use with Windows.
MetaFilter has a nice roundup of various NES hacks. You might have seen these before, but it’s great to see them all in one place. Our personal favorite is the NES in an NES cartridge, and who could forget the NES controller coffee table? Don’t forget to check the comments for more interesting NES hacks. We think there’s just something about the original Nintendo Entertainment System that inspires people to go all out with creativity and playfulness. We’re willing to bet that you probably have an old system at home gathering dust, just waiting to be modded and hacked. We’d love to hear what you have done, or will do to it.