$1 Million Bug Bounty Reward For Anyone Who Can Hack An iPhone


Apple has a walled garden, a more restricted ecosystem in iOS if compared to its Google Android counterpart.

And that is for reasons, including security and privacy Apple can offer to its more than $2 billion customers. But for security researchers looking for bugs, Apple's enclosed ecosystem is a plain nightmare.

This is why the company said that it's giving bug bounty participants "developer devices". These devices are like jailbroken iPhones, but officially and legally made by Apple.

In other words, these iPhones have many security features disabled, allowing researchers to probe them much more easily than the iPhones sold on the market.

The deeper access to iOS should make researchers’ work a lot easier, as they can finally access deeper iOS functions without having to wait for third-party jailbreaks. Even though these developer devices won’t have quite the same level of access as Apple itself, but it's a huge step towards creating a more friendly environment for researchers to work with.

iPhone hack
Credit: Vice.com

Apple called these initiative the "iOS Security Research Device" program.

The announcements was made in Las Vegas, at the Black Hat conference, where Apple’s head of security engineering Ivan Krstić gave a talk on iOS and macOS security.

Anyone can apply to receive one of the phones, but Apple is handing out only a limited amount, and only to qualified researchers.

"We want to attract exceptional researchers who have been focused on other platforms," Krstic said.

And in addition to the developers devices announcement, Apple also announced that it is increasing its bug bounty reward program, by offering anyone up to $1 million for finding vulnerabilities in iPhones and Macs.

The full $1 million will go to researchers who can find a hack iOS kernel, with zero clicks required by the iPhone owner. Another $500,000 will be awarded to those who can find a "network attack requiring no user interaction."

There’s also a 50% bonus for anyone who can find any weakness on new versions of iOS before it's released.

This is an update to the bug bounty program Apple launched in 2016, and by far, the highest bug bounty on offer by any major tech company in the world.

The price increase of $200,000 from its previous offering, is said to be one of Apple's way to deal with the profitable market where hackers sell Apple vulnerabilities to the governments for large sums of money. Apple vulnerabilities are highly valuable because of how closed Apple's ecosystem is.

And Apple here, wants to persuade those hackers by enticing them with larger sum of money.