Apple Finally Launches Bug Bounties

A select handful of researchers can earn up to $200,000 for identifying vulnerabilities in iOS or iCloud.

By Stephanie Mlot
August 5, 2016

Apple will now pay hackers up to $200,000 to identify vulnerabilities in its products.

The tech titan—a long-time holdout in the bug bounty arena—announced its new program during this week's Black Hat event in Las Vegas.

For the first time in four years, Apple's head of security engineering and architecture Ivan Krstic took the conference stage on Thursday to talk about security features of HomeKit, AutoUnlock, and iCloud Keychain. As TechCrunch pointed out, the public appearance is "somewhat unusual" for the secretive company.

The biggest surprise, though, was Krstic's bug bounty announcement.

According to Rich Mogull, CEO of security research firm Securosis, Cupertino boasts one of the highest payouts in the business, but only for a handful of selected researchers.

Compensation ranges from $25,000 for a sandbox break to $200,000 for a secure boot hardware exploit, Mogull wrote in a blog post. The program covers five issues, all on iOS or iCloud.

Historically, Apple has shied away from bug bounties, citing high bids from the government and black markets. And while $200,000 is a good payday, it's pennies compared to the $1 million the FBI allegedly paid to break into the iPhone used by San Bernardino shooter Syed Farook.

Now, the iDevice maker—famously protective of its products and consumers—is taking new safety precautions. Applauding this move, Mogull said Apple didn't need a bug bounty, "but can certainly benefit from one."

"This won't motivate the masses or those with ulterior motives, but it will reward researchers interested in putting in the extremely difficult work to discover and work through engineering some of the really scary classes of exploitable vulnerabilities," he said.

Apple did not immediately respond to PCMag's request for comment.

This isn't the first time finding an iOS exploit could help pay the rent: In the past, third parties like Zerodium have paid security researchers upwards of $1 million to uncover Apple vulnerabilities.

In June, Cupertino moved to an unencrypted kernel in iOS 10, allowing enthusiasts and security researchers to look inside, while also increasing device security.
