Some Silicon Valley titans have been paying security experts to check their systems for faults. Apple Inc. has now decided to follow the same course to increase the reliability of its systems.
Last week the Black Hat cybersecurity conference was held in Las Vegas, Nevada, United States. At the conference, Mr. Ivan Krstic, the Croatian computer security expert and head of Security Engineering and Architecture at Apple, announced that Apple is offering between $25K and $200K to researchers who can expose previously unknown vulnerabilities. The amount awarded depends on the type of flaw reported by the security experts.
The scheme will start in September, and the company will have the right to select the hackers of its choice. Initially, the program will cover mobile iOS devices and iCloud only. The number of hired experts is expected to increase gradually as the program goes on.
Companies like Google, Facebook and Uber have been following this practice for the last few years and have rewarded security experts accordingly, but the prize money granted by Apple Inc. is the highest. The rewards provided by Google and Uber were about $20K and $10K respectively.
Moreover, Apple will not be providing these prizes directly; rather, it will use the services of a third-party security organization for this purpose. For instance, Exodus Intelligence will be paying up to $500K to hackers who can report bugs in iOS 9.3 and later versions.
A few years ago, when companies had not yet established the practice of bug bounties, hackers made money by disclosing vulnerabilities to those dealing in malicious software. Companies have tried to obtain hackers' services legally, but "zero-day vulnerabilities" (holes in software that are unknown to the vendor) were exploited by hackers for higher rates before the vendor became aware of them and fixed them. Such an exploit is called a zero-day attack.
However, to address such issues in the case of iOS, Blackhat Firm Exodus is offering $500K ($300K more than the maximum offered by Apple) to anyone who can sell it a zero-day exploit. Secret Apple iPhone zero-day exploits are said to earn about $1,000K. Moreover, the FBI (Federal Bureau of Investigation) paid more than $1.3 million to break into the San Bernardino iPhone. Apple zero-day flaws have also left OS X systems greatly vulnerable to attacks.