Apple Gives Hackers a Special iPhone—and a $1.5 Million Bug Bounty

For more than a decade, Apple has built a fortress around the iPhone, making iOS devices arguably the most locked-down computers accessible to hundreds of millions of people. So locked-down, in fact, that even well-intentioned security researchers have trouble getting the access necessary to dig into their internals. Now Apple is taking an unprecedented step: distributing a more hacker-friendly iPhone to its favorite researchers, letting them hack the phone on "easy mode" in the interests of making it harder for everyone else.


It's also offering bigger rewards than ever before for hackers who can find and report those vulnerabilities. Its iOS bug bounty will pay out up to $1.5 million for a single attack technique that a researcher discovers and shares discreetly with the company.


An iPhone for Hackers


At the Black Hat security conference Thursday, Apple's head of security engineering and architecture Ivan Krstić announced a broad revamping of the company's bug bounty program. It's now open to all researchers rather than its current invite-only eligibility, includes not just iOS but MacOS and other Apple operating systems, and vastly increases the rewards for certain rare forms of attack, from $100,000 for physical access attacks to bypass an iPhone's lock screen to an unprecedented $1 million for a remote attack that can gain total, persistent control of a user's computer without any interaction on the victim's part.

But the most unusual aspect of Apple's approach is that it will now give a custom-made version of the iPhone to certain chosen researchers. These devices will lack some layers of security p ..
