Apple have put a massive bug bounty on their products, offering up to $1 million to hackers who can find vulnerabilities in their tech.
No, this doesn’t mean you can become a millionaire by jail-breaking your phone. The full million-dollar amount will go to the person who can hack the kernel – the core of the iOS system – with zero clicks from the iPhone owner.
Another $500,000 is on offer for the researcher who can orchestrate a network attack requiring no user interaction on the phone. There’s also a 50 per cent bonus for hackers who can find weaknesses in the new operating system while it is still in beta form (before it hits the public).
The eye-watering reward is far and away the highest bug bounty from a major technology company. Access to Apple’s bug bounty program used to be exclusively invite-only, and offered sums up to $200,000. However, any researcher will be able to apply and have a chance at the six-figure payday.
Apple’s head of security engineering Ivan Krstić announced the changes to the program while giving a talk at the Black Hat Conference in Las Vegas. As reported by Forbes, Krstić also revealed that the bug bounty would be extending to Macs, watchOS and the Apple TV operating system.
Forbes also reported that bug bounty program participants will have access to ‘developer devices’ which will enable hackers to dive deeper into iOS. For example, they’ll be able to look at what’s happening with data in memory by pausing the processor. These devices will be available by application only, Krstić confirmed.
As reported by Wired, Krstić told the audience:
The second-best reason to have a bug bounty is to find out about a vulnerability that’s already in the users’ hands and fix it quickly. The number one best reason is to find a vulnerability before it ever hits a customer’s hands.
We want to attract some of the exceptional researchers who have thus far been focusing their time on other platforms. Today many of them tell us they look at our platform and they want to do research but the bar is just too high.
Apple will be keen to expose and rectify any technological weaknesses in today’s climate, where hackers can sell the same information they’ll acquire via the program for massive sums of money.
Maor Shwartz, founder of Q-recon, a vulnerability brokerage company, told Forbes that a single exploit – for example, a hack targeting WhatsApp that requires no interaction from the user – can fetch up to $1.5 million. Apple won’t be handing out money for exploits regularly though – Shwartz said: ‘It’s really hard to research them and produce a working exploit.’
After graduating from Glasgow Caledonian University with an NCTJ and BCTJ-accredited Multimedia Journalism degree, Cameron ventured into the world of print journalism at The National, while also working as a freelance film journalist on the side, becoming an accredited Rotten Tomatoes critic in the process. He’s now left his Scottish homelands and taken up residence at UNILAD as a journalist.