Apple Is Offering $1 Million To People Who Can Hack an iPhone
Apple takes security seriously.
During the recent Black Hat conference, a leading information security event held in Las Vegas, it was confirmed that a bounty of $1 million dollars will be given to anyone who can find any bugs or vulnerabilities in an iPhone.
It’s called the iOS Security Research Device program, and it will be rolling out next year. Apple will be creating pre-jailbroken phones which will be given to accepted security researchers of the program (yes, the program is open for applications). This is a step up from the initiative's previous invite-only format.
View this post on Instagram
Apple launched the bug bounty program back in 2016 with an offering of $200,000 then eventually scaled up to $500,000—those numbers seem like slim pickings now. The million-dollar offering is up for anyone who can find a “hack of the kernel—the core of iOS—with zero clicks required by the iPhone owner,” according to a Forbes report.
As per CNET, the security head of Apple, Ivan Krstic says, "This is an unprecedented fully Apple supported iOS security research platform." Krstic discussed iOS and Mac security topics during his the conference.
According to Computerworld, there are a couple of reasons as to why the bug bounty program has upped the ante.
First, there’s a huge black market wherein similar pre-jailbroken devices are exploited among security researchers and governments. Thus, bug bounty programs would give Apple control of the distribution of these devices. Second, this would incentivize external security researchers in the hope of finding bugs and vulnerabilities that Apple might miss themselves.
Lastly, by detecting such flaws early, Apple would be able to fix them immediately and learn prevention methods as well.
The program, however, doesn’t just involve the iPhone. Krstic also announced that they will be extending the bug bounty to the Mac, watchOS, and the Apple TV operating system.