Apple offers record ‘bounty’ to researchers who find iPhone security flaws


Apple offers record 'bounty' to researchers who find iPhone security flaws
FILE- People walk past the Apple logo near an Apple Store at a sshopping area in central Beijing.

In Summary

  • Apple previously offered rewards only to invited researchers who tried to find flaws in its phones and cloud backups.
  • The Ksh. 100 million prize would apply only to remote access to the iPhone kernel, without any action from the phone's user.
  • Apple is taking other steps to make research easier, including offering a modified phone that has some security measures disabled.

Apple Inc. is offering cyber security researchers up to ksh. 100 million to detect flaws in iPhones, the largest reward offered by a company to defend against hackers, at a time of rising concern about governments breaking into the mobile devices of dissidents, journalists and human rights advocates.

Unlike other technology providers, Apple previously offered rewards only to invited researchers who tried to find flaws in its phones and cloud backups.

At the annual Black Hat security conference in Las Vegas on Thursday, the company said it would open the process to all researchers, add Mac software and other targets, and offer a range of rewards, called “bounties,” for the most significant findings.

The Ksh. 100 million prize would apply only to remote access to the iPhone kernel, without any action from the phone’s user.

Apple’s previous highest bounty was Ksh. 20 million for friendly reports of bugs that can then be fixed with software updates, keeping them from being exposed to criminals or spies.

Government contractors and brokers have paid as much as Ksh. 200 million for the most effective hacking techniques to obtain information from devices. Apple’s new bounties, however, are in the same range as some published prices from contractors.

Apple is taking other steps to make research easier, including offering a modified phone that has some security measures disabled.

A number of private companies, such as Israel’s NSO Group, sell hacking capabilities to governments to target their critics.

One such attack was made against a friend of Washington Post columnist Jamal Khashoggi, a critic of the Saudi Arabian government, who was killed inside the Saudi Consulate in Istanbul in October 2018.

A principal component of such breaches is programs that take advantage of otherwise unknown flaws in the phones, their software or installed applications.

For Citizen TV updates
Join @citizentvke Telegram channel



Video Of The Day: Sossion: What is happening to KNUT is a test for labour movement in this country | NEWSNIGHT |

Avatar
Story By Reuters
More by this author