#FreeTheSandbox

Join the Petition

Make your voice heard — #FreeTheSandbox

MORE info
Thanks for showing support! ✊
Don't forget to claim your free stickers!
😖Something went wrong...

It Is Time To Free The Sandbox!

Did you know that you are not allowed to independently evaluate the integrity of your own iPhone & Android devices?

One of the main challenges today is that current iOS and Android sandbox restrictions enable attackers to have a significant edge over defenders.
Specifically, some of the key challenges facing defenders include the following:

The time it took Jeff Bezos to analyze his device,
may have been sufficient for the attackers to delete all traces. 

Image credits: Jeff Bezos - Seattle City Council from Seattle

We would like to ask OEM vendors to have greater transparency and enable malware investigations without requiring to hack into the device, especially for devices with Microphone, Camera & Internet access.

In addition, various companies specialise in developing commercially available hacking tools allowing them to hack into devices remotely. Unfortunately, whilst some vendors may only sell their hacking technology to legitimate entities, the availability of such tools on the open market inevitably leads to nefarious operators getting hold and leveraging them for illegitimate purposes such as compromising devices of journalists, researchers, think tanks, venture capitalists, doctors, senior executives, and human rights activists.  This predicament has been emphasized by multiple examples of remote attacks on both iOS and Android platforms in the last few years. 

For the avoidance of doubt, we do not advocate piracy. We also do not request for persistent  access to a device. Instead, we encourage OEM vendors to enable Digital Forensics and Incident Response (DFIR) community to properly inspect modern iPhone and Android devices without the need to hack into them.

Raise awareness

FreeTheSandbox initiative aims to raise awareness to this issue and ultimately change the current situation. Device vendors should collaborate with security researchers and incident handlers to bring attention to the required adjustments. There are more than three billion smartphones in use today with a common restriction of not allowing incident handlers and security researchers to inspect and analyze attacks. Thus the purpose of this collaboration is to build a safer ecosystem for analysis and investigations.

Although we are currently covering only mobile phones, we see this as a wider problem. We would love to work with device vendors and offer our help to enable seamless DFIR analysis in order to achieve greater security of these devices. Should you wish to contribute and collaborate, feel free to contact us at info@FreeTheSandbox.org

What do we want

Once users decide to analyze their own devices - they should have read-only access to the entire filesystem, and ideally full access to the devices’ memory whilst the elevated access should be provided only after typing the pin code and can be revoked after a reboot.

Among our supporters

Zuk Avraham

Founder of ZecOps
Founder of Zimperium

Dave Aitel

Founder / CEO Immunity, Inc.

TheGrugq

Security Researcher

Will Strafach

Founder / CEO GuardianApp

Nikias Bassen

VP of Product Security at Zimperium

Costin Raiu

Security Researcher

Katie Moussouris

Founder/CEO Luta Security

Matt Suiche

founder Comae

Stefano Zanero

Entrepreneur and Associate Professor at Politecnico Milano

@pwn20wnd

Security researcher

Plus hundreds more

Join the Petition

Speak up and support #FreeTheSandbox
— Fill out the form 👉

MORE info
👍
Thanks for showing support!

Don't forget to claim your free stickers and tweet #FreeTheSandbox to make your voice heard!

Yes! Send me Stickers!

Spread the word on social media:

😖Something went wrong...

In the meantime...

Available Local Privilege Escalation (LPE) vulnerabilities

Know of a Local Privilege Escalation (LPE) vulnerability but can’t see it here? Report to us, and we’ll add it.

Report new LPE
Device type
Versions
Access
CVE
Exploit availibility

Apple devices (<=A11)

All iOS Versions

Bootrom SSH as root after boot.

Unknown

Checkra1n (checkm8 implementation)

Android

N/A

LPE

N/A

Device type
Versions
Access
Bounty

Apple devices (>=A12)

All iOS Versions

Bootrom

Up to $250k

Apple devices (>=A12)

iOS 13+

LPE

Up to $50k

Android (N-Day)

Android 8

LPE

Up to $25k

Android (N-Day)

Android 9

LPE

Up to $30k

Android (N-Day)

Android 10

LPE

Up to $35k

Android (0-Day)

Android 10

LPE

Up to $50k

LPE Bounties

Please read bounty rules and additional details

Read Bounty Rules