Tech by VICE

Chinese Hackers Pangu Have Jailbroken iOS 9

It never takes long for someone to break into new hardware.

by Joseph Cox
Oct 14 2015, 10:35am

Image: simone mescolini/Shutterstock

As soon as a new piece of hardware comes out, hackers will descend and try to break into it. Following that tradition, veteran iOS crackers Pangu announced today they had successfully jailbroken several different iterations of iOS 9, Apple's most recent operating system for iPhones, iPads, and other portable devices.

"We are very excited to announce the release of Pangu 9, the first untethered jailbreak tool for iOS 9," the Pangu account tweeted today. This latest jailbreak affects iOS versions 9.0-9.0.2, and multiple users have reported it working.

Apple did not respond to a request for comment.

Jailbreaking is when hackers manage to wiggle out of the restrictions imposed by an operating system, and gain much more control over the hardware than its creators intended.

Usually, Apple's iPhones are only able to download apps from the official App Store, and are often locked to one mobile carrier. But with a jailbroken device, users can source software from unofficial app repositories such as Cydia to customize their device in a myriad of different ways, and can also choose to switch to another telecom.

Pangu has gained a reputation over the years for releasing fairly prompt and effective jailbreaks of iOS devices. Another hacking group announced they were planning to jailbreak the operating system earlier this year, but it seems that Pangu managed to get the scoop on its own.

Beyond personalizing a phone, there are other, more nefarious reasons to jailbreak a device. An attacker might use a jailbreak in order to more easily install malware, for example. Indeed, Italian surveillance company Hacking Team heavily relied on a target's device being jailbroken in order to install its software.

Such is the prospect of a hacked iPhone that Zerodium, a recently formed zero-day vulnerability company, announced a one million dollar bounty for the details on an iOS 9 untethered jailbreak last month.

"ZERODIUM will pay out one million U.S. dollars ($1,000,000.00) to each individual or team who creates and submits to ZERODIUM an exclusive, browser-based, and untethered jailbreak for the latest Apple iOS 9 operating system and devices," read the announcement on Zerodium's site, which added that the bounty was aimed at "experienced security researchers, reverse engineers and jailbreak developers."

Zerodium founder Chaouki Bekrar said that Pangu's jailbreak wouldn't have qualified for his challenge.

"It cannot qualify for the Zerodium bounty as the Pangu jailbreak requires physical access to the device while the bounty is only for remote and browser-based jailbreaks," he told Motherboard.

Regardless, it shows that, with enough work, any mobile operating system can be hacked.

Additional reporting by Lorenzo Franceschi-Bicchierai