It’s not the hackers we should be afraid of

Rich Mogull for TidBITS:

Reports emerged yesterday that a security exploit broker paid $1,000,000 for a browser-based iOS 9 attack, setting a record for buying and selling a computer exploit, at least in public.


[a] reliable iOS exploit can run into the low-six figures on exploit markets. Government agencies use these for surveillance and law enforcement, and iOS is consistently a tough nut to crack. (…) The agencies that do purchase it will most likely use it judiciously in order to lengthen the lifespan of the attack and minimize the chances it will end up in Apple’s hands.

I recommend reading the whole article. It paints a very frightening picture. I mean, it’s logical and certainly true, but I wasn’t aware of how this business worked. Even though you have the latest OS installed, you must know that, if you’re targeted, the government in the US has access to your phone. (What they can get out of it is a different question.) This 1 mil gig was good for show, but the real deals are not announced anywhere in any form.