Hackers Can Make $250,000 Selling iOS Exploits To The Government


Nicholas Allegra, or "Comex," created iOS jailbreaks that were downloaded by millions of people. Apple finally decided to hire him as an intern last year.

iOS hackers are some of the most sought-after individuals in the security research community. Geniuses like Comex who come up with jailbreaks used by millions of iPhone and iPad users are offered incredible sums of money to sell their exploits to powerful and high-profile clients.

Sure, you could win a decent amount of cash at a security conference for showing off the exploits you’ve uncovered, but why not make $250,000 and secretly sell your stuff to, say, an entity like the U.S. government?

That’s exactly what a security researcher/middle man by the pseudonym of “Grugq” did for an unnamed iOS hacker. Located in Bangkok, Grugq made 15% commission off negotiating a $250,000 deal with a contact in the U.S. government. Grugq facilitated the transaction of the exploit information from the hacker in exchange for the 6-figure payout from the client.

Forbes has a fascinating profile:

That iOS exploit price represents just one of the dozens of deals the Grugq has arranged in his year-old side career as a middle man for so-called “zero-day” exploits, hacking techniques that take advantage of secret vulnerabilities in software. Since he began hooking up his hacker friends with contacts in government a year ago, the Grugq says he’s on track to earn a million in revenue this year. He arranged the iOS deal last month, for instance, between a developer and a U.S. government contractor. In that case, as with all of his exploit sales, he won’t offer any other details about the buyer or the seller.

Even with the $250,000 payout he elicited for that deal, he wonders if he could have gotten more. “I think I lowballed it,” he wrote to me at one point in the dealmaking process. “The client was too happy.”

Andy Greenberg from Forbes has put together a rundown of how much the average exploit sells for these days. The different price ranges are arranged by platform:

[Image: Forbes chart of exploit price ranges by platform]

Windows exploits have always sold for more because of Microsoft’s larger market share in the PC space. Since Macs still only represent a fraction of desktop PCs sold every year, it’s much more cost-effective to create malware for the OS that the most people are using. You don’t see many viruses in the wild for OS X because there hasn’t been enough reason to target the platform.

What’s more surprising about Greenberg’s calculations is how little Android exploits are sold for in comparison with iOS. In fact, the average iOS exploit is worth far more than even a Windows exploit. It makes sense that browsers are high up on the list, as they run on multiple platforms (for the most part) and serve as gateways to the internet. iOS, on the other hand, is the crème de la crème of platforms if you’re looking to sell an exploit.

Apple keeps iOS locked down tight. That’s why new jailbreaks always get so much coverage — they are feats of masterful hackery. Comex, the maker of the once-popular JailbreakMe tool for iOS 4.0, was reportedly offered 6 figures by multiple agencies to sell his iOS exploit. He ended up interning at Apple to help the company fortify the very platform he reverse engineered.

The people that make jailbreaks and find these kinds of exploits typically do security research work and consulting on the side. It’s a very lucrative, professional market that brings in millions and millions of dollars. Think about that next time you’re jailbreaking your iPhone.

  • facebook-100000670318505

    yes but which hacker finds an iOS exploit every day?

  • WardC

    This guy needs to shave and get a haircut. Seriously.

  • markbyrn

    well you’re not going to find out about the exploit if they can sell it to governments for 250K; the governments will use the exploit for their purposes until it’s publicly divulged and that may never happen.

  • Jonathan Ober

    o noes he doesn’t look like everyone else…stubble eek! long hair, sinner! :P it’s 1am I’m trolling and I know it!

  • InfoDave

    It’s his tough guy look. I bet it took years to grow the beard.

  • drexyl9944

    two bits

  • Frank Lowney

    Someone in Congress is going to read this story and launch an investigation into why the US government is spending taxpayer dollars on what they see as morally questionable if not downright illegal activity.  Novels using this idea (Tinker, Tailor, Soldier, Hacker) are cranking up as we type.  Oh what fun!

  • Eddy Suwito

    wkajkldsjflkjalsjf asfkjalsjfljasljdflajsfjalsjfjsadjfjsdjajsfja;df;jwje[rjedlnnsljfwjeljaljfncxnldkjfiejf

About the author

Alex Heath is a senior writer at Cult of Mac and co-host of the CultCast. He has been quoted by the likes of the BBC, KRON 4 News, and books like "ICONIC: A Photographic Tribute to Apple Innovation." If you want to pitch a story, share a tip, or just get in touch, additional contact information is available on his personal site. Twitter always works too.
