Apple to offer cash rewards in its 'Bug Bounty' program
At the Black Hat cyber security conference on Thursday, Apple unveiled its plans to offer rewards of up to $200,000 to researchers who find security bugs in its products. Initially, the program will be limited to about two dozen researchers whom Apple will invite to help identify security bugs in 5 specific categories. These researchers include those who have previously helped Apple find bugs.
Apple introduced the bounty program after the FBI paid unidentified hackers $1.4 million to unlock the terrorist's iPhone in the San Bernardino attack, after Apple refused to do the job. That dispute pitted the company's concerns about cyber-criminals against access to useful information for national security purposes.
The most lucrative category is for bugs in Apple's "secure boot" firmware, which prevents unauthorized programs from launching when an iOS device is powered up. On the recommendation of other companies, Apple decided to limit the scope of the program and gradually open it up over time. This would save Apple from dealing with a flood of "low-value" bug reports and would require fewer resources.
Apple said that it will pay up to $100,000 for extraction of confidential information protected by the Secure Enclave Processor. Other rewards include up to $50,000 for execution of arbitrary code with kernel privileges, $50,000 for access to iCloud account data on Apple servers and $25,000 for access from a sandboxed process to user data outside of that sandbox.
In March 2016, hackers launched a ransomware campaign targeting Mac users who had to pay one bitcoin ($400) after downloading software from an unauthorised source. Similarly, British iPhone users were scammed into entering personal information after being bombarded with messages claiming to be from iTunes.
Microsoft launched its program 3 years ago and has handed out $1.5 million in rewards to security researchers. Its 2 biggest payouts amounted to $100,000 each. Facebook has an open program and has paid out more than $4 million over the past 5 years, with 2015's average payment standing at $1,780. Other firms with such programs include AT&T, Google, Tesla Motors and Yahoo.