Apple recently announced that it will be giving away $1 million to any person who will be able to successfully hack an iPhone. According to The Sun, this is a daring declaration as a way to test its security measures.
The so-called bug bounty is the biggest reward offered by any technology-focused company. In the Black Hat conference last week, Apple head of security Ivan Krstic said that the bounty will also be offered to would-be hackers of watchOS and Apple TV.
Privacy as a ‘human right’
Apple’s priority to security stems from CEP Tim Cook’s principle that privacy is a ‘human right.’ This is in light of the various cybersecurity issues happening across the globe. In connection with this, Cook also remarked that the company does not collect personal info.
This seeks to keep private details of Apple’s 2 billion-strong customers safe from cybercriminals.
Cook added that this is not the first time that Apple offers a bug bounty. In fact, this is a common practice in the tech world. Apple’s rival, Google, has also recently announced a reward for individuals who will be able to spot issues with Chrome.
Meanwhile, Krstic said that successful hackers will also receive “easy-to-hack” iPhone units. This aims to prevent the winners from selling the vulnerabilities to other parties for profit.
Aside from the $1 million bug bounty, the company will also offer $500,000 to researchers who can detect network attacks. These attacks should be implemented without user interaction. Moreover, hackers who will be able to discover vulnerabilities before the product release will receive 50% of the amount.
Krstic remarked that these rewards seek to “attract exceptional researchers” who invest their expertise in other platforms.
Previous vulnerabilities
It is important to note that Apple products have shown security bugs discovered by none other than Google researchers. Of the six vulnerabilities discovered, none of them has been addressed by the company.
The flaws allow malicious parties to control the devices by simply sending a message with a virus. Google’s Project Zero named such issues as “zero day” vulnerabilities. This is because Apple’s software security software is given “zero days” to fix it.
Aside from zero day issues, researchers who attended the Black Hat conference were able to bypass FaceID within 2 minutes. This was done simply by using eyeglasses, tape and an unconscious user.
With these existing vulnerabilities, people find it ironic that the company’s campaign champions security as a vital marketing point.
