Apple’s New “Bug Bounty”

Apple has asked for help from hackers. That’s right, hackers. At the Black Hat hacking conference two weeks ago, Apple showed off a list of vulnerabilities within their systems and placed bounties of up to $200,000 to those who could crack into them.

On top of this, Apple has pledged that if these hackers donate their rewards to charity, it will match the donation. This has apparently been an ongoing process over the last six years for every company in Silicon Valley. The idea behind hiring “good” hackers to find vulnerabilities in their systems is to keep those vulnerabilities out of the hands of the malignant groups or spy agencies who will pay big to learn about them.

Apple is one of the last companies to hop on board with this program, as their previous approach was simply to post the names of their bug-finding comrades on their website, unlike Google and Facebook, who fork out thousands to these individuals.

The Black Hat conference is an event held for all sorts of professionals in computer security, from hackers and executives to government officials.

As it stands, here’s a list of the bounties Apple is offering:

  • Up to (US)$200,000 for vulnerabilities in boot firmware components
  • Up to $100,000 for flaws that allow the extraction of confidential material from the Secure Enclave Processor
  • Up to $50,000 for vulnerabilities allowing the execution of arbitrary code with kernel privileges, or those that allow unauthorized access to iCloud account data on Apple servers
  • Up to $25,000 for flaws that enable access from a sandboxed process to user data outside that sandbox

Although it sounds great in terms of networking, this news has raised concerns about the security of Apple devices because “it showed that Apple can be breached,” Michael Jude, a program manager at Stratecast/Frost & Sullivan, told TechNewsWorld.

On the contrary, others believe that this bug bounty program will benefit users’ security overall. What do you think?

– Steve Brisbois
