A wave of new vulnerabilities and the discovery of multi-year hacks are leading to a relative decline in the sale price of new iOS vulnerabilities compared to those for Android — and could hit the Apple brand’s reputation for security.
Vulnerability broker Zerodium has announced it will pay $2 million for a complete, zero-click exploit for taking over an Apple iOS device, but $2.5 million for a comparable exploit for Android devices. In addition, the rate for a one-click iOS chain exploit has dropped from $1,500,000 to $1 million. “The zero-day market is flooded by iOS exploits, mostly Safari and iMessage chains, mainly due [to] a lot of security researchers having turned their focus into full time iOS exploitation,” explained Zerodium founder Chaouki Bekrar.
The lower value for iOS hacks versus comparable Android hacks has also been attributed to Google’s newly increased security focus and to the fragmented Android world, which reduces the ability of a vulnerability to apply across devices running an Android operating system.
There is value in those vulnerabilities
The market for new hacks and exploits is driven by the benefits derived from their use. Governments and intelligence agencies such as the NSA stockpile vulnerabilities so they can more easily penetrate a person’s or group’s devices and uncover their activities. When these leak out, as was the case with the NSA’s EternalBlue exploits, the results can be devastating. In the private market, the Israeli company NSO has used an array of zero-day exploits to distribute its Pegasus tracker software. On the strictly black market, these exploits are harnessed in malware.
The price cut also comes after Google researchers uncovered a massive two-year hacking campaign against iOS devices. Users’ phones could be hacked simply by visiting infected websites. This large-scale hack has been attributed to the Chinese government zeroing in on the activities of its ethnic Uyghur community in the Xinjiang region.
Is Apple losing its security shine?
Apple devices have historically had a stronger reputation for securing users than Android or Windows devices. This has been due to several factors, including Apple’s tighter hold over the entire ecosystem (operating system and apps) and the smaller size of the Apple device user pool.
News of the relative price cut for vulnerabilities and the large-scale hacking comes as Apple prepares for the launch of its new iPhone 11. Industry rags predict that Apple will try to focus on the new camera setup, not on security features. In the past, advanced features, smooth packaging, and security are how Apple has pulled off its premium pricing strategy.