- Highest bug bounty on offer from any major tech company.
- Launching a Mac bug bounty, confirmed.
- Cost of a single exploit can fetch $1.5 million.
Apple’s offering is by far the highest bug bounty on offer from any major tech company. It has ponderously increased the amount of it’s offering to hackers for finding vulnerabilities in iPhones and Macs, up to $1 million.
The program will be open to all researchers. Although, previously, only those on the company’s invite-only bug bounty program were eligible to receive rewards.
Apple is also about to launch a Mac bug bounty, which was confirmed on Thursday. However, it is also extending it to watchOS and its Apple TV operating system.
This was announced in Las Vegas at the Black Hat conference. In the same conference, Apple’s head of security engineering Ivan Krstic gave a talk on iOS and macOS security.
It was also revealed by Forbes that Apple was to give bug bounty participants “developer devices”- iPhones that let hackers dive further into iOS. It was revealed on Monday.
For instance, they can pause the processor to look at what’s happening with data in memory. It was confirmed by Krstic that the iOS Security Research Device program would be by application only. It will arrive next year.
The Biggest Offer for iPhone hacking
The researchers who can find a hack of the kernel – the core of iOS with zero clicks required by the iPhone owner, they will get the full $1 million.
Another $500,000 will be given to those who can find a “network attack requiring no user interaction”. There’s also a 50 % bonus for hackers who can find weaknesses in software before it’s released.
The company is increasing those rewards in the face of an increasingly profitable private market where hackers sell the same information to governments for vast sums.
Apple Is Giving Out Hacker-Friendly iPhones, Plots Mac Bug Bounty — Sources https://t.co/I2rcguISJX
I’m told this is what Apple is planning to announce in Vegas later this week…
— Thomas Brewster (@iblametom) August 5, 2019
The reports are implying, Maor Shwarts told Forbes, the cost of a single exploit( a program that uses vulnerabilities typically to take control of a computer or phone) can fetch as much as $1.5 million.
As exploit targeting Whats App where no clicks are required from the user. They can be sold to a government agency for that much, though such tools are rare. Only one or two a year will be sold, from a pool of around 400 researchers who focus on such high-end hacking.
He said, “it is really hard to research them and produce a working exploit.”
According to the reports, Krstic said the bug bounty had been a success to date, with 50 serious bugs reported since the 2016 launch.