Hack an iPhone and win $1 million is Apple's latest offer

California-based firm expands programme where researchers and developers can get rewarded for finding security weaknesses in its systems

epa07764499 A view of the new Apple story building in Aventura Mall, Aventura, Florida, USA, 09 August, 2019, where the Apple augmented reality (AR) experiences in Florida was launched.  EPA/CRISTOBAL HERRERA
Powered by automated translation

Apple will pay a reward of $1 million (Dh3.7m) to any hacker who can remotely gain full control of an iPhone without the knowledge of its owner.

The company is expanding its "bug bounty" programme - launched in 2016 and which earmarked as much as $200,000 in reward money for uncovering security issues - across all its platforms including iCloud, watchOS, iPadOS and macOS. Finding other weaknesses of the iPhone rather than a full hack can fetch rewards of up to $500,000.

“This is an unprecedented fully Apple supported iOS security research platform,” said Ivan Krstic, Apple’s head of security, while announcing the revamped bug bounty plan at the Black Hat hackers conference in Las Vegas last week.

Starting next month, anyone can participate in the programme that was previously by Apple invite only.

The company is also planning to supply special iPhones to qualified hackers and security researchers next year to detect and report bugs. These devices will come with special features and debugging capabilities to make it easier for researchers to identify flaws in new systems before their market launch.

While these special iPhones will offer security researchers a deeper insight in the technical make-up of the devices, they won’t have the same level of access that internal Apple developers and the company’s security team have.

Besides the bug bounty programme, developers and researchers can also submit their feedback and file bug reports to the company using the native Feedback Assistant app for iOS and Mac or the Feedback Assistant website. On filing a bug, the finder will receive a feedback ID to track the bug within the app or on the website.

California-based Apple, which has suffered a dip in earnings, is increasing the emphasis on security in a bid to win back customers. Sales of iPhones dropped 11.8 per cent to $25.9 billion (Dh95bn) in the third quarter from a year ago, the company said last month, while net profit dropped 13 per cent year-on-year to $10.04bn.

Apple spent a record $14.24bn on research and development in 2018, a rise of more than $2.5bn from its 2017 total, according to researcher Statista.

The bug bounty expansion comes as data breaches have become more common. One of the biggest data breaches ever was reported last month after a hacker gained access to more than 100 million Capital One customers' accounts and credit card applications earlier this year.

Paige Thompson is accused of breaking into a Capital One server and gaining access to 140,000 Social Security numbers, 1 million Canadian Social Insurance numbers and 80,000 bank account numbers, in addition to an undisclosed number of people's names, addresses, credit scores, credit limits, balances, and other information, according to the bank and the US Department of Justice.