Apple is taking a major step toward improving its internal security by paying hackers as much as $1.5 million to find flaws in its own devices and software.
At a recent Black Hat security conference in Las Vegas, the tech giant took the opportunity to announce that it’s raising its reward to ethical hackers who uncover and disclose problematic susceptibilities directly to the company.
Apple’s “bug bounty” is a smart move, not only for itself but consumers as well -- one that could catch mistakes before everyone’s world is turned upside down. The timing of the announcement is also interesting. At the conference, evidence was presented that hackers could attack Apple’s iPhone without as much as a solitary click.
Shoot-out at the Hacker Corral
While a million dollars seems like a high price to pay, Apple -- or any tech company for that matter -- can be drawn into a bidding war with other countries or “offensive security companies,” according to Maor Shwartz, a vulnerability broker at the Black Hat meeting. The exact amounts are tiered to the negative potential of the bug a hacker finds and when they find it.
In Apple’s original version of the bounty, the rewards capped out at $200,000, but the company’s tact may have been a little too buttoned-up for the more swashbuckling kind of hacker. Initially, white- and gray-hat hackers were only allowed to participate if they got invited directly by the company.
Bug bounties aren’t exactly a new wrinkle in the tech world. Facebook, Google, Hewlett-Packard (HP), Reddit, Tesla, Microsoft, and even the Pentagon run these types of programs.
"As we navigate an increasingly complex world of cyber threats, it’s paramount that industry leaders leverage every resource possible to deliver trusted, resilient security from the firmware up," said Shivaun Albright, HP's chief technologist of print security, said at the time of HP’s bounty announcement.