Skip to Content

Military Malware May Have Killed the iPhone Jailbreak

Malware developers will pay large sums for the bugs needed to loosen Apple’s software restrictions.
March 5, 2013

Since the debut of the first iPhone, Apple has played a cat-and-mouse game with hackers who want to install “unofficial” software onto their locked-down devices. That game may be about to end thanks to the booming business in state-backed malware.

The race between Apple and the hackers goes like this: hackers develop and release software that can “jailbreak” an iOS device so it can be tinkered with freely, then Apple neutralizes the new method with a software update. The latest round started in early February when a group of coders known as Evad3rs released their latest jailbreak tool, evasi0n, and Apple appears poised to release a patch soon.

All that could soon be over because jailbreaks work by exploiting previously unknown bugs in Apple’s software. Those are also known as “zero days” and are now very valuable to people building sophisticated malware for the purposes of surveillance and industrial espionage (see “Welcome to the Malware-Industrial Complex”). People with knowledge of the market for vulnerabilities say the value of iOS bugs is high enough to make selling a bug much more attractive than working it up into a new jailbreak method.

Charlie Miller, a hacker famous for demonstrating ways to hack the iPhone and other Apple products, tweeted around the time of evasi0n’s release that it would likely be the last. He listed five reasons, including that Apple has tightened the security of its products and that a person who found a zero day for iOS could “sell it to make $250k.”

The cofounder and CTO of mobile security company Lookout, Kevin Mahaffey, gave a higher estimate earlier this week, telling me that the “current price” of iOS zero days is $500,000. The Evad3rs have a donation button on their jailbreak site but whether it could raise amounts competitive with such sums is unknown.

The zero day market is a shadowy one, so getting a price like those estimated by Mahaffey and Miller would require having the right connections. Apple’s work on making iOS tougher to crack may make that more likely, since finding a zero day for the operating system has become a more elite pursuit. Zero days for mobile systems are particularly valuable because they are rarer than for conventional computer systems, people are less wary of security threats on mobile devices, and they tend to stay undiscovered and unpatched for longer.

All that means that evasi0n may be the last of the publicly available jailbreaks. Jailbreaks will still be around, but only intelligence agencies and military will be doing them. What Apple thinks of that is anybody’s guess.

Deep Dive


Capitalizing on machine learning with collaborative, structured enterprise tooling teams

Machine learning advances require an evolution of processes, tooling, and operations.

The race to destroy PFAS, the forever chemicals 

Scientists are showing these damaging compounds can be beat.

How scientists are being squeezed to take sides in the conflict between Israel and Palestine

Tensions over the war are flaring on social media—with real-life ramifications.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.