Sources claim Pangu to sell iOS 10.3.1 Jailbreak to Apple

The jailbreak community has been hyped by the news that the famous iOS jailbreak team, the Pangu Team, showed off their iOS 10.3.1 jailbreak in the Janus Mobile Security Conference held in Shanghai, China as reported by a Chinese tech blogger on Weibo last week. 


The photos and videos taken onsite have spreader out in viral and have been creating a number of discussions and questions regarding upgrading and release dates. 

janus-pangus-iphone-7-ios10-jailbreakable-2

However, he did also mentioned in his follow-up Weibo post that it is “extremely valuable monetarily” that Pangu has successfully broken through the hardware-level Kernel Patch Protection (KPP) on iPhone 7.

Followed by that, there was a tweet from Twitter user @qwerty860320 gone viral stating that “they are cooperating with PP Assistant and release iOS 10.3-10.3.1 Jailbreak in a week if there’s a deal” and “it will be using different exploits and compatible with 64-bit devices”. (Edit: proven to be fake!) 

However,the account has changed its user name and deleted the related tweet. This made both the account itself and the information look very shady and not trustworthy.

ios-10.3.1-jailbreak-tweet

Recently, a verified Weibo blog stated in their post that Pangu has planned to release iOS 10.3.1 Jailbreak tool namely “Janus” (which shared the same title as the mobile security conference mentioned earlier) after Apple releases iOS 10.3.2 next week. This has created, again, lots of speculations in the jailbreak community. However, notably speaking, the post also warned users stay put with iOS versions below 10.3.1 in case such speculation “goes wrong”.

Screen Shot 2017-05-01 at 11.55.42 PM.png

Following by that, there has been heated debate on the Chinese forum under Baidu, one of the major search engines in China, that a user shared that Pangu sold the iOS 10.3 jailbreak exploits/bugs to Apple for a price of US$1,250,000. He also mentioned that moving forward, Pangu will be focusing on mobile network security instead of iOS jailbreaking. This does align with Pangu’s Weibo self-description that they are now a “Mobile Internet Security Research Team”.

Screen Shot 2017-05-02 at 12.10.56 AM

But the price stated for the bug contradicts with the Bug Bounty Programme that Apple annouced in Black Hat 2016 that the highest amount that they will pay is US$200,000 only for vulnerabilities in secure boot firmware components.

It may be also possible that Pangu Team sells the bug for good and Apple pays higher under the table in case the bug is critical, echoing what Weibo user “Spark” said the bug is“extremely valuable monetarily” as we talked earlier in this post. Today, a blog post from Taiwan (written in Chinese) concurred with the above speculation.

The blog post was written in detail and pointed out valid arguments and misleading points in all the rumors we mentioned above that alerts us to not setting our expectation high at this moment.

pangu not jailbreak

The post also highlighted that Pangu’s CEO stated on the Janus Conference that “Pangu” does not equal to “Jailbreak” (words shown in the picture below). It actually means the team kickstarted mobile security research in China. Reports also interpreted that Pangu is switching gears and Janus is a new direction that Pangu will leverage on their mobile security research experience to work out “thread-reporting tools”. 


In summary, there is no reliable evidence that the Pangu Team will release an iOS 10.3 and 10.3.1 jailbreak, not to say the validity of shady information on the ETA or any cooperation jailbreak tool releases.

I do agree that even if Pangu doesn’t release the 10.3.1 JB, it’s still fantastic news that they jailbroke it in the first place. But looking at the fact that Pangu Team very likely has been steering away from iOS jailbreaking, there does have a possibly that they could sell bugs to Apple for cash. Of course, it is yet to be proven nor Pangu may confirm with us on this.


It is understandable that they decided to move on and do something bigger as they wish and it is not a crime that they translate their effort on mobile security research, no matter if it is iOS or other operating system, into monetary return in order to fuel for being sustainable in future.

What we can do for now is to wait for a few days more, hate to say that but that is the only thing works and makes sense for now, as iOS 10.3.2 is around the corner. We will stay close with any Weibo news or announcement in the coming week and share anything important with you if any.

So what is your take on this? Let me know in the comments.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s