Apple has built a fortress around the iPhone, making iOS devices arguably the most locked-down devices accessible to millions of people.

Apple has blocked all loopholes, to the point that even well-intentioned security researchers find it extremely hard to dig into the devices' internals.

And now Apple is taking a step further by distributing a more hacker-friendly iPhone to its favorite researchers, letting them hack the phone on “easy mode” in the interests of making it harder for everyone else.

The company said it is offering huge rewards to any hacker who can find and report a vulnerability in the device. It is offering up to $1.5 million, an unprecedented reward, for a single attack technique that a researcher finds and privately shares with the company.

The offer is $1 million. On top of that $1 million reward, Apple will also give a 50 percent bonus to researchers who identify flaws in its code while it is still in beta, before it is released to a wider audience beyond developers, bringing its maximum reward for a single attack method to $1.5 million.

The announcement was made at the Black Hat security conference on Thursday by Apple’s head of security engineering and architecture, Ivan Krstić.

The company announced a broad revamp of its bug bounty program, which was launched three years ago, opening it to all researchers rather than keeping the current invite-only eligibility.

“We want to attract some of the exceptional researchers who have thus far been focusing their time on other platforms. Today many of them tell us they look at our platform and they want to do research but the bar is just too high,” Krstić told the Black Hat audience.

“The second-best reason to have a bug bounty is to find out about a vulnerability that’s already in the users’ hands and fix it quickly,” Krstić added.

“The number one best reason is to find a vulnerability before it ever hits a customer’s hands.”

Apple has not yet said how many applications it will be accepting into the program.

The company is also expanding its bug-bounty program to include its Mac, Apple Watch, and Apple TV operating systems as well as iOS.