Apple says it will pay $1 million to any researcher who can successfully break into an iPhone. Other technology companies are also offering big payments for people to identify serious security threats in an effort to prevent major internet attacks.
A company official recently announced the new reward at a yearly security conference in Las Vegas.
The Black Hat conference is attended by many security researchers who attempt to hack the computer systems of companies and governments. The researchers seek security weaknesses that need to be fixed to prevent outside attackers from breaking into systems and devices.
Apple’s $1 million offer is thought to be the largest reward promised by a major technology company to defend against internet attacks. The announcement came from Apple’s Head of Security Engineering and Architecture, Ivan Krstic.
The $1 million reward will be paid to any researcher who meets Apple’s conditions for gaining full access to an iOS device without assistance from the owner, the website AppleInsider reported.
Such a takeover of an iOS device has proven to be extremely difficult for hackers as well as law enforcement organizations.
The reward is a new part of Apple’s Feedback Assistant program. The program is a way for developers to send “bug reports” about programming problems and possible security threats.
Apple began offering money rewards of up to $200,000 in 2016 to researchers for high-quality bug reports. In his comments at the conference, Krstic said that since that time, the company had received “over 50 useful reports,” PC Magazine reported.
Other rewards include $500,000 for gaining “high-value user data” over a network without user involvement. A successful “user data extraction” could pay a researcher $250,000, while gaining basic access to a locked device could bring $100,000.
In addition to the larger top rewards, Apple also introduced other changes to the program. One difference is that the reward will be offered to all security researchers who wish to take part. In the past, the researchers were selected and invited by Apple.
In addition, rewards will now be paid to people identifying security issues with systems beyond iOS, related to the iPad, Apple Watch and iCloud.
Also at the Black Hat conference, Microsoft announced its own new program designed for researchers to test security. The program is called Azure Security Lab. With its launch, Microsoft also announced increases in its top rewards for bug reporting.
The company says the Azure Security Lab will give researchers the chance to create possible hacking incidents that could be attempted by criminal attackers in the real world. Tests are to be carried out in a controlled, secure environment without the possibility of causing real harm, Microsoft says.
Azure is Microsoft’s cloud services operation. The lab will permit researchers to look for security weaknesses and attempt to launch attacks on the system. The company says the lab will also offer specific challenges to researchers that will pay top rewards up to $300,000.
Microsoft said in a statement it had paid researchers a total of $4.4 million in rewards during the past year for identifying serious security issues.
Last month, Google announced it had paid researchers more than $5 million since 2010 “for finding and reporting security bugs that help keep our users safe.” The company said its rewards program had resulted in more than 8,500 individual bug reports.
In addition, Google announced large increases for the security reporting rewards it offers. The highest amount for basic reports received was tripled to $15,000, while payments for some “high quality” reports doubled to $30,000.
I’m Bryan Lynn.
Words in This Story
hack – v. use a computer to illegally break into someone else’s computer system
reward – n. something that is given in return for good or evil done or received or that is offered or given for some service or attainment
access – n. the right or ability to do or see something
bug – n. mistake in a computer program
network – n. system permitting people to communicate and share information through the internet using a computer or mobile phone
extraction – n. the act of taking something out
cloud – n. internet-based computing system
challenge – n. something difficult that tests someone's ability or determination
basic – adj. simple, with nothing extra or special added