Apple has finally recognised the need to open up its backend and let cyber experts poke around inside to help it find potential software vulnerabilities. The Silicon Valley giant is offering researchers apparently whooping 1.3 Cr ($200,000) bug bounties – an incentive programme which offers rewards for discovering and submitting security holes and weaknesses for a company to their newly made security patches for new i-Phones.
Apple is following other tech giants such as Google and Microsoft, It’s a new trend among corporate giants, Companies offered such rewards to bolster their level of security online. Although, perhaps to make up for lost time, Apple’s lump sum seems to be the highest corporate bounty ever. What can we say, Apple is Apple after all.
However there’s a catch, before thinking about the whooping amount, the 1.3 Cr is at the high end of the payment program, and this amount will only be paid out for vulnerabilities found in Apple’s secure boot firmware components the fundamental first protection that keeps your devices safe. But there’s a substitute price too, In addition to the top reward, Apple says it will pay up to $100,000 (Rs. 66 Lac) for extraction of confidential material protected by the Secure Enclave Processor, up to $50,000 (Rs. 33 Lac) for executions of arbitrary code with kernel privileges, up to $50,000 for access to i Cloud account data on Apple servers, and up to $25,000 (Rs. 17 Lac) for access of user data from a sandboxed process.
Ivan Krstic, Apple’s head of security engineering and architecture told the crowd at the Black Hat security conference in the US about the new offer “We’ve had great help from researchers like you in improving iOS security all along,”. “Feedback that we’ve heard pretty consistently both from my team at Apple and also from researchers directly is that it’s getting increasingly more difficult to find some of those most critical types of security vulnerabilities. So the Apple Security Bounty Program is going to reward researchers who actually share critical vulnerabilities with Apple.” The pressure from the security industry to launch a bug bounty programme has been mounting on Apple for some time now, especially since numerous bug reports of late which have proved the iPhone maker isn’t quite as hacker-proof as they were once thought to be. (My nudes are also hacked, just don’t search for them, it’s disturbing!).
If you are cyber expert and a good hacker, it’s a lifetime opportunity for you go for it, good luck.