iOS 10 made its public debut over six weeks ago, yet there’s still no news about a public jailbreak. Hackers have been able to jailbreak iOS 10, but it seems none are willing to make their exploits available. Is Apple’s bug bounty program to blame?
When Apple debuted its iOS 10 beta this summer, it made it available with an unencrypted kernel. This makes it easier to discover security flaws, and it gives users hope that a jailbreak might come easy. But that hasn’t been the case.
In actual fact, the unencrypted kernel simply makes it faster and easier for Apple to patch bugs that exist in its iOS 10 releases. This is likely to make each update more secure than the last. Apple has also taken other steps to beef up security.
Introduced back in August at the Black Hat conference, the bug bounty program rewards hackers up to $200,000 for finding vulnerabilities in iOS and iCloud that could pose a threat to users. The only catch is, those bugs must be reported to Apple to be fixed.
The biggest reward is for finding bugs in secure boot firmware components, which is what hackers require to gain root access and jailbreak an iOS device.
This gives hackers a tough to choice to make. When they find an exploit that could be used to jailbreak iOS 10, they can either keep quiet about it and create the jailbreak, or they can report it to Apple for hundreds of thousands of dollars.
It’s not too difficult to see why the jailbreak community has been fairly quiet since the release of iOS 10, then. We first saw an iPhone 7 jailbreak back in September, less than a week after the device went on sale — but there hasn’t been a lot of action since then.
In contrast, it took just a month for Pangu to release its first jailbreak for iOS 9. The same team has already demonstrated a jailbreak for iOS 10 at the Mobile Security Conference in Shanghai back in July, but it was in its infancy and needed a lot of work.
It’s still unclear whether that jailbreak is in development, or whether later versions of iOS 10 patches the holes that made it possible.
Apple has been playing a game of cat and mouse with jailbreakers since the very first iPhone. With almost every update it makes it improves security in an effort to prevent jailbreak hacks, but then hackers find new holes that allow for new exploits.
Offering those hackers large sums of cash to report the holes they find — rather than exploit them — was a stroke of genius, and it’s a mystery why Apple didn’t offer a bug bounty program a lot earlier.
This probably won’t be the death of iOS jailbreaks. For now, only researchers invited into the bug bounty program are eligible for Apple’s rewards, so there are still plenty of hackers out there who have nothing to gain by reporting bugs to Apple. In fact, releasing an iOS 10 jailbreak is one of the best ways to get recognition for an unknown hacker and get into the bounty program in the future.
Nevertheless, it seems the program has already had an effect on the community and slowed development of new jailbreaks for iOS 10.