How to Make $1.5 Million Hacking the iPhone and iPad
Anyone interested in becoming a millionaire by hacking an iPhone or iPad should listen up.
A bug broker named Zerodium has tripled its payment for zero-day exploits, or hacks that can be immediately taken advantage of and are unknown to the rest of the world, the company told Ars Technica in an interview. Anyone who can hack a fully patched iPhone or iPad running iOS 10, Apple’s (AAPL) latest operating system, will receive a $1.5 million reward. Zerodium previously paid $500,000 for a zero-day exploit. The $1.5 million fee will be reserved solely for sophisticated exploits that give hackers full access to a user’s data and device.
In an interview with Ars Technica, Zerodium’s founder Chaouki Bekrar said that sophisticated exploits in iOS 10 are about 7.5 times harder to achieve than those in Google’s Android operating system. That’s why, he says, Zerodium has pegged similar hacks on Android devices at a maximum fee of $200,000.
Zerodium is one of many so-called “bug brokers” operating in the security community. The company, which is joined by broker Exodus Intelligence, among others, pays individuals or companies that bring to it a fully exploitable flaw. After paying for the flaw, they then “own” the technique and sell it off to defense contractors, governments, and other groups.
Bug brokers have been criticized in the past for offering a potentially appealing way for malicious hackers to gain access to exploits that could target individuals and companies, though they’ve long argued they focus on selling technology to companies and governments, as well as cybersecurity vendors.
Despite these reassurances, the practice is concerning to those who don’t like the idea of companies selling technologies that allow them to be easily hacked. What’s more, the flaws aren’t typically disclosed to companies like Apple that can patch the flaw and break the hacking opportunity. That ultimately leaves millions of users around the world vulnerable.
Although Zerodium is paying a sizable sum for a flaw, there’s potentially a significant amount of money in being a bug broker. In a 2014 report in TIME, sister publication to Fortune, Exodus was said to have charged $200,000 per year to clients who wanted exploits on software.
The FBI is said to have paid $1 million to an unidentified company for access to a flaw that gave the agency access to data on the iPhone owned by San Bernardino attacker Syed Farook. Apple previously declined to offer the FBI access to the device.
But bug brokers aren’t alone.
Companies like Apple and Google (GOOGL) also operate so-called bug bounty programs that reward users and security companies for finding flaws in their technologies. Earlier this year, Apple announced plans to offer rewards of up to $200,000 through its bug bounty program. However, unlike bug brokers, Apple uses the information to patch security flaws in its operating systems. Bug brokers use the flaw to generate revenue.
In addition to boosting its price on an iOS 10 hack, Zerodium has also increased its rewards for several software hacks. For instance, the company is now paying $100,000 for an attack on Adobe’s Flash, up from $80,000. An Apple Safari hack will net hackers $80,000, compared to a previous $50,000 reward.
Apple did not respond to a request for comment on the Zerodium move.