Apple is giving out a special iPhone that can lead to a $1 million reward
Apple is paying a 50% bonus to researchers who find a vulnerability in beta code
Companies like Apple and Google pay these researchers to find flaws as an incentive. In addition, Apple would prefer that a security expert who finds a vulnerability tell the company about it instead of selling it or using it for their own evil intentions. Flaws found on iOS are said to bring researchers as much as $1 million from hackers willing to pay that much. Apple announced last week that a researcher can receive $1 million by finding a flaw allowing him or her to take over full control of an iPhone without the owner touching the handset. Other flaws can also handsomely reward a researcher as Apple is willing to pay up to $500,000 for the information. Google announced last month that it will pay up to $30,000 to a researcher finding flaws in its Chrome browser while paying $150,000 if it is told about a flaw that can compromise its Chrome OS.
“We want to attract some of the exceptional researchers who have thus far been focusing their time on other platforms. Today many of them tell us they look at our platform and they want to do research but the bar is just too high. We have by far the highest maximum payouts in the industry, and we have the iOS security research device program for exceptional researchers that are new to our platform”-Ivan Krstic, head of security engineering and architecture, Apple
Researchers who find a vulnerability in code found on beta software will receive a 50% bonus from Apple. That is to reward an expert who has identified a problem before the bug is passed along to the public, and brings the top possible award handed out by Apple to $1.5 million. As the company’s security chief points out, “The second-best reason to have a bug bounty is to find out about a vulnerability that’s already in the users’ hands and fix it quickly. The number one best reason is to find a vulnerability before it ever hits a customer’s hands.”
Apple’s new program might have received more applause if it wasn’t for the limited number of special iPhones it is handing out. As iOS security researcher Will Strafach noted, “It’s a huge step, but I do think it would be great if there were a bit more wide availability of the devices.” Apple might be concerned that the wider availability of these units might lead to several ending up in the wrong hands, creating more problems for the company. Still, with all this money at stake, regular iPhone owners should benefit from the incentives that Apple is throwing at security experts.