Saturday, August 6, 2016

Apple will pay twice as much as Google for “holes” in its software – CNews.ru


Apple launched its first bounty program

Apple will start paying hackers for finding vulnerabilities in its products. Detecting a serious bug can earn up to $200 thousand, which is twice the maximum payout at Google or Microsoft. This was announced by the head of the company's security department, Ivan Krstic, at the annual Black Hat cyber-security conference.

Selecting hackers and setting tasks

Apple is not going to pay thousands of dollars to just anyone. For the initial stage of the bounty program the company has selected more than twenty experts from among those who have already discovered vulnerabilities in its products. Apple has confirmed that these people had not previously received compensation for their efforts.

Apple has limited not only the number of participants but also their field of activity. The search for vulnerabilities will be conducted in five specific categories, the top priority being the secure boot of the firmware. The goal is to eliminate the ability to run unauthorized programs while a device with iOS installed is powering on. It is for finding vulnerabilities in the boot process that the $200 thousand fee will be paid.

The fee for finders of Apple vulnerabilities is $200 thousand

Apple says that the scale of the initiative will gradually grow, and that it was advised to start with a few hackers given specific tasks by “other companies” with experience running bounty programs. This measure is meant to prevent a flood of reports about minor vulnerabilities from many people. Apple declined to specify which company gave it the idea.

The conflict with the FBI as a possible reason for working with hackers

The launch of Apple's bounty program is associated with the company's conflict with the US government, which occurred in February 2016. The FBI asked the company to open access to the iPhone of a deceased terrorist who took part in the mass murder in San Bernardino in December 2015. Apple refused to cooperate with the FBI for ethical reasons, and not because it could not provide access to the data on the device. As a result, the US Department of Justice filed a lawsuit against the company. After some time, the FBI broke into the terrorist's smartphone without Apple's help, and the lawsuit was withdrawn. The hacking methods were not disclosed. But it is known that to hack the iPhone 5C, which was protected by a four-digit passcode, the Bureau hired an outside hacker. His fee was reportedly approximately $1 million. It is likely that this incident is what pushed Apple to launch a bounty program with high payouts.

How much other companies pay hackers

At the moment, many IT companies have their own bounty programs, including Facebook, Google, Microsoft and Yahoo. Microsoft, which launched its initiative three years ago, has already paid hackers a total of $1.5 million. The company also offers high fees for finding certain types of vulnerabilities. The two largest payments were $100 thousand each.

Not all companies focus on finding specific bugs. Facebook, for example, has an open bounty program that offers rewards for a wide range of vulnerabilities. Over the past five years, the company has paid hackers over $4 million. In 2015, the average fee was $1780. In March, Facebook paid $10 thousand to a ten-year-old boy from Finland who found a way to delete user comments from an Instagram account.

Google has been paying hackers for finding vulnerabilities since November 2010. The company offers its highest fee, $100 thousand, to whoever finds a way to hack its Chromebook over the internet. In June 2015 Google launched a special bounty program for Android, which attracted a lot of attention from hackers. Over the year, 82 participants found more than 250 bugs in the OS and received a total of $550,000. One of the hackers, known as @heisecode, received $75,750 for 26 vulnerability reports. The program's highest fee is $50,000, which can be earned by finding vulnerabilities in Android's TrustZone or Verified Boot.
