Apple extends bug bounty, boosts rewards to US$1m

By on
Apple extends bug bounty, boosts rewards to US$1m

Apple has offered cyber security researchers up to US$1 million to detect flaws in iPhones, the largest reward offered by a company to defend against hackers.

Unlike other technology providers, Apple previously offered rewards only to invited researchers who tried to find flaws in its phones and cloud backups.

At the annual Black Hat security conference in Las Vegas, the company said it would open the process to all researchers, add Mac software and other targets, and offer a range of rewards, called "bounties," for the most significant findings.

The $1 million prize would apply only to remote access to the iPhone kernel without any action from the phone's user. Apple's previous highest bounty was $200,000 for friendly reports of bugs that can then be fixed with software updates and not leave them exposed to criminals or spies.

Government contractors and brokers have paid as much as $2 million for the most effective hacking techniques to obtain information from devices. Apple's new bounties, however, are in the same range as some published prices from contractors.

Apple is taking other steps to make research easier, including offering a modified phone that has some security measures disabled. A principal component of breaches is programs that take advantage of otherwise unknown flaws in the phones, their software or installed applications.

(Reporting by Joseph Menn; editing by Grant McCool)

Got a news tip for our journalists? Share it with us anonymously here.
Tags:

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Poll

Will the 457 visa replacement get you hiring from overseas?
Yes - We've been waiting for this
Yes - It'll become part of our recruitment mix
No - We prefer to hire locally
No - We're not eligible to use the new scheme
View poll archive

Log In

Username / Email:
Password:
  |  Forgot your password?