Apple presents document 'bounty' to researchers who discover iPhone safety flaws

By Joseph Menn

LASVEGAS (Reuters) – Apple Inc <AAPL.O> is providing cyber safety researchers as much as $1 million (£823,800) to detect flaws in iPhones, the most important reward provided by an organization to defend in opposition to hackers, at a time of rising concern about governments breaking into the cellular units of dissidents, journalists and human rights advocates.

Not like different know-how suppliers, Apple beforehand provided rewards solely to invited researchers who tried to search out flaws in its telephones and cloud backups.

On the annual Black Hat safety convention in Las Vegas on Thursday, the corporate stated it could open the method to all researchers, add Mac software program and different targets, and supply a spread of rewards, referred to as “bounties,” for probably the most vital findings.

The $1 million prize would apply solely to distant entry to the iPhone kernel with none motion from the telephone’s consumer. Apple’s earlier highest bounty was $200,000 for pleasant studies of bugs that may then be mounted with software program updates and never depart them uncovered to criminals or spies.

Authorities contractors and brokers have paid as a lot as $2 million for the simplest hacking methods to acquire data from units. Apple’s new bounties, nevertheless, are in the identical vary as some printed costs from contractors.

Apple is taking different steps to make analysis simpler, together with providing a modified telephone that has some safety measures disabled.

Quite a few personal firms, resembling Israel’s NSO Group, promote hacking capabilities to governments to focus on their critics. One such assault was made in opposition to a buddy of Washington Publish columnist Jamal Khashoggi, a critic of the Saudi Arabian authorities, who was murdered contained in the Saudi consulate in Istanbul in October 2018.

A principal part of such breaches is applications that make the most of in any other case unknown flaws within the telephones, their software program or put in purposes.

(Reporting by Joseph Menn; modifying by Grant McCool)