Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

Since the debut of the first iPhone, Apple has played a cat-and-mouse game with hackers who want to install “unofficial” software onto their locked-down devices. That game may be about to end thanks to the booming business in state-backed malware.

The race between Apple and the hackers goes like this: hackers develop and release software that can “jailbreak” an iOS device so it can be tinkered with freely, then Apple neutralizes the new method with a software update. The latest round started in early February when a group of coders known as Evad3rs released their latest jailbreak tool, evasi0n, and Apple appears poised to release a patch soon.

All that could soon be over because jailbreaks work by exploiting previously unknown bugs in Apple’s software. Those are also known as “zero days” and are now very valuable to people building sophisticated malware for the purposes of surveillance and industrial espionage (see “Welcome to the Malware-Industrial Complex”). People with knowledge of the market for vulnerabilities say the value of iOS bugs is high enough to make selling a bug much more attractive than working it up into a new jailbreak method.

Charlie Miller, a hacker famous for demonstrating ways to hack the iPhone and other Apple products, tweeted around the time of evasi0n’s release that it would likely be the last. He listed five reasons, including that Apple has tightened the security of its products and that a person who found a zero day for iOS could “sell it to make $250k.”

The cofounder and CTO of mobile security company Lookout, Kevin Mahaffey, gave a higher estimate earlier this week, telling me that the “current price” of iOS zero days is $500,000. The Evad3rs have a donation button on their jailbreak site but whether it could raise amounts competitive with such sums is unknown.

The zero day market is a shadowy one, so getting a price like those estimated by Mahaffey and Miller would require having the right connections. Apple’s work on making iOS tougher to crack may make that more likely, since finding a zero day for the operating system has become a more elite pursuit. Zero days for mobile systems are particularly valuable because they are rarer than for conventional computer systems, people are less wary of security threats on mobile devices, and they tend to stay undiscovered and unpatched for longer.

All that means that evasi0n may be the last of the publicly available jailbreaks. Jailbreaks will still be around, but only intelligence agencies and military will be doing them. What Apple thinks of that is anybody’s guess.

6 comments. Share your thoughts »

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me