Apple is reported to be offering up to $1 million to security researchers to help them detect flaws in iPhones. Such a bug bounty program is not first of its kind Apple previously offered rewards only to invited researchers who tried to find flaws in its phones and cloud backups.
On Thursday, at the annual Black Hat security conference, the company announced that it would open the process to all researchers and offer a range of rewards, called “bounties,” for the most significant findings. The previous highest bounty was $200,000 for helpful reports of bugs that can then be fixed with software updates and not leave them exposed to criminals or spies.
We want to attract some of the exceptional researchers who have thus far been focusing their time on other platforms. Today many of them tell us they look at our platform, and they want to do research, but the bar is just too high – Krstić, Apple’s head of security engineering and architecture
Apple is taking other steps to make research more accessible; the new devices will be enabled with ssh, a root shell, and advanced debug capabilities, all designed to make it easier for security researchers to spot bugs.
Apple has given security researchers in its invite-only program a device that will let them explore the iPhone’s recesses without turning to the black market. However, Apple’s new bounties are in the same range as some published prices from contractors.