Brandon Azad has left Google Project Zero and is all set to join Apple. Here’s what this means for the jailbreak community.
Table of Contents
Brandon Azad all set to join Apple’s Security Team
Brandon Azad of Google Project Zero fame is all set to join Apple’s security team. The hacker made the announcement today on his official Twitter handle.
It's with both bittersweet sadness and excitement that I say goodbye to Project Zero, as I'll be joining Apple next week to continue my work improving Apple device security. My time at Project Zero has been amazing, and it's been an honor to share in this wonderful mission.
— Brandon Azad (@_bazad) October 2, 2020
There’s more going on behind the scenes, though. Thanks to Azad’s expertise, iOS 14 nearly breaks everything – even a powerful exploit like checkm8. Post-exploitation on iOS has become harder too.
Further, with the introduction of MTE (Memory Tagging Extension), kernel exploitation will become harder than ever before. Apparently, the A14 Bionic chip doesn’t have MTE for the kernel.
For the uninitiated, MTE is a mitigation technique that increases the memory safety of code without needing changes to the source. It aims to detect memory safety violations and makes the system more resilient to attacks.
This is not the first time a security researcher has “switched” sides. Back in 2017, Apple hired jailbreak developer Jonathan Zdziarski aka NerveGas of Chronic Dev Team in a security role.
Zdziarski is a digital forensics expert who has also developed jailbreak tweaks such as PairLock and Split View.
What next for the jailbreak scene?
Unfortunately, this might just spell the end for jailbreaking as we know it. iOS exploits are getting increasingly hard to come by as it is.
And with an accomplished researcher such as Azad leaving Project Zero, times are about to get tough for the jailbreak community.
From now on, exploit development and research will become even harder, requiring more expertise, time, and effort.
Consequently, bug bounty programs will offer more money, probably in the millions, for exploits. There will be little incentive for researchers to release exploits and vulnerabilities publicly.
Brandon Azad, without a doubt, was one of the best security researchers of Google Project Zero. This might just be the end of “easy” exploits that slip through the cracks with each new update.
Regardless, we wish him the best of luck at Apple’s security team.
