-
Apple to offer cash rewards in its 'Bug Bounty' program
Last updated on Aug 06, 2016, 10:10 am
-
At the Black-Hat Cyber Security Conference on Thursday, Apple unveiled its plans to offer up to $200,000 rewards to researchers who will find security bugs in its products.
Initially, the program will be limited to about two dozen researchers who Apple will invite to help identify security bugs in 5 specific categories.
These researchers include those who have have previously helped Apple find bugs.
-
Information
Apple's tussle with FBI
-
Apple installed the Bounty Program after the FBI paid unidentified hackers $1.4million to unlock the terrorist's iPhone in the San Bernardino attack, after Apple refused to do the job. It pitted the company's concerns about cyber-criminals against accessing of useful information for national security purposes.
-
06 Aug 2016
Apple to offer cash rewards in its 'Bug Bounty' program
![Apple to offer cash rewards in its 'Bug Bounty' program]( "Apple to offer cash rewards in its 'Bug Bounty' program")
-
At the Black-Hat Cyber Security Conference on Thursday, Apple unveiled its plans to offer up to $200,000 rewards to researchers who will find security bugs in its products.
Initially, the program will be limited to about two dozen researchers who Apple will invite to help identify security bugs in 5 specific categories.
These researchers include those who have have previously helped Apple find bugs.
-
Information
Program Details
![Program Details]( "Program Details")
-
The most lucrative category is for bugs in Apple's "secure boot" firmware for preventing unauthorized programs from launching when an iOS device is powered-up.
They decided to limit the scope of the program and gradually open it up over time on the recommendation of other companies.
This would save Apple from dealing with a flood of "low-value" bug reports and would require less resources.
-
Smaller Incentives
Other rewards
![Other rewards]( "Other rewards")
-
Apple said that it will pay up to $100,000 for extraction of confidential information protected by the Secure Enclave Processor.
Other rewards include up to $50,000 for executions of arbitrary code with kernel privileges, $50,000 for access to iCloud account data on Apple servers and $25,000 for access from a sand-boxed process to user data outside of that sandbox.
-
Do you know?
Earlier attempts at infiltrating Apple devices
-
In March 2016, hackers launched a ransomware campaign targeting Mac users who had to pay one bitcoin ($400) after downloading software from an unauthorised source. Similarly, British iPhone users were scammed into entering personal information after being bombarded with messages claiming to be from iTunes.
-
Examples
Tech giants offering similar bounty rewards
![Tech giants offering similar bounty rewards]( "Tech giants offering similar bounty rewards")
-
Microsoft launched its program 3 years ago and has handed out $1.5 million in rewards to security researchers. Its 2 biggest payouts amounted to $100,000 each.
Facebook has an open program and has paid out more than $4 million over the past 5 years, with 2015's average payment standing at $1,780.
Other firms include AT&T, Google, Tesla Motors and Yahoo.
