Apple says it will pay $1m to any researcher who can successfully hack an iPhone.
- Beyond the new top prize, Apple also announced that it is extending the bug-bounty program to include not just iOS, but also macOS, tvOS, and watchOS.
The announcement came from Apple’s Head of Security Engineering and Architecture, Ivan Krstic, at the yearly Black Hat conference in Las Vegas. The Black Hat conference is attended by many security researchers who attempt to hack the computer systems of companies and governments. The researchers seek security weaknesses that need to be fixed to prevent outside attackers from breaking into systems and devices.
Apple’s $1m iPhone hack offer is thought to be the largest reward promised by a major technology company to defend against internet attacks. The $1 million will go to security researchers (or hackers) who are able to carry out a “zero-click full chain kernel execution attack with persistence” on an iPhone.
The “zero-click full chain kernel execution attack” is an attack that would result in the hacker gaining full access to an iOS device without assistance from the owner. If a hacker is able to pull the hack off and share how they did it with Apple, they’ll get $1 million.
Apple began offering money rewards of up to $200,000 in 2016 to researchers for high-quality bug reports. During comments to the conference, Krstic said that since that time, the company had received “over 50 useful reports.”
Other rewards include $500,000 for gaining “high-value user data” over a network without user involvement. A successful “user data extraction” could pay a researcher $250,000, while gaining basic access to a locked device could bring $100,000.
Also at the Black Hat conference, Microsoft announced its own new program designed for researchers to test security. The program is called Azure Security Lab. With its launch, Microsoft also announced increases in its top rewards for bug reporting.
Azure is Microsoft’s cloud services operation. The lab will permit researchers to look for security weaknesses and attempt to launch attacks on the system. The company says the lab will also offer specific challenges to researchers that will pay top rewards up to $300,000.
In a statement, Microsoft said it has paid researchers a total of $4.4 million in rewards over the last year for identifying serious security issues.
Google also announced that it has paid more than $5 million to researchers since 2010 “for finding and reporting security bugs that help keep our users safe.” The company said its rewards program has generated more than 8,500 individual bug reports.