19, Grant Thompson, a 14-year-old in Arizona, made an unexpected discovery: Using FaceTime, Apple’s video chatting software, he could eavesdrop on his friend’s phone before his friend had even answered the call. His mother, Michele Thompson, sent a video of the hack to Apple the next day, warning the company of a “major security flaw” that exposed millions of iPhone users to eavesdropping. When she didn’t hear from Apple Support, she exhausted every other avenue she could, including emailing and faxing Apple’s security team, and posting to Twitter and Facebook. On Friday, Apple’s product security team encouraged Ms. Thompson, a lawyer, to set up a developer account to send a formal bug report.

But it wasn’t until Monday, more than a week after Ms. Thompson first notified Apple of the problem, that Apple raced to disable Group FaceTime and said it was working on a fix. The company reacted after a separate developer reported the FaceTime flaw and it was written about on, a news site for Apple fans, in an article that went viral.

The bug, and Apple’s slow response to patching it, have renewed concerns about the company’s commitment to security, even though it regularly advertises its bug reward program and boasts about the safety of its products. Hours before Apple’s statement addressing the bug Monday, Tim Cook, the company’s chief executive, tweeted that “we all must insist on action and reform for vital privacy protections.”

The FaceTime problem has already been branded “FacePalm” by security researchers, who say Apple’s security team should have known better. Rarely is there a software flaw that grants such high-level remote access and is so easy to manipulate: By adding a second person to a group FaceTime call, you can capture the audio and video of the first person called before that person answers the phone, or even if the person never answers.

“If these kinds of bugs are slipping through,” said Patrick Wardle, the co-founder of Digita Security, which focuses on Apple-related security, “you have to wonder if there are other problematic bugs that other hackers are exploiting that should have been caught.”

On Monday, Apple said it was aware of the issue and had “identified a fix that will be released in a software update later this week.”

But the company has not addressed how the flaw passed through quality assurance, why it was so slow to respond to Ms. Thompson’s urgent warnings, or whether it intends to reward the teenager whose mother raced to alert the company to the bug in the first place.

A bug this easy to exploit is every company’s worst security nightmare and every spy agency, cybercriminal and stalker’s dream. In emails to Apple’s product security team, Ms. Thompson noted that she and her son were just everyday citizens who believed they had uncovered a flaw that could undermine national security.

Thompson, there is a healthy market for bugs and the code to weaponize them, which allow governments, defense contractors and cybercriminals to invisibly spy on people’s devices without their knowledge, capturing everything from their locations to information caught on their microphones and cameras. The FaceTime flaw, and other Apple bugs, can fetch tens of thousands, if not hundreds of thousands or even millions of dollars, from dozens of brokers. Those brokers then sell those bugs for ever higher sums to governments and intelligence and law enforcement agencies around the world. On the seedier side of the spectrum are brokers who will sell these tools on the dark web to the highest bidder. The only catch is that hackers must promise never to disclose the flaw to the vendor for patching, so that buyers can keep their access.

The market for Apple flaws has soared in the post-Edward Snowden era as technology makers include more security, like end-to-end encryption, to thwart would-be spies. This month, Zerodium, a well-known broker and security firm, raised its reward for an Apple iOS bug to $2 million.