Apple is offering hackers up to $1 million to hack into its iPhones and tell the company how they did it.
The bounty, which was announced by the iPhone-maker at the annual Black Hat hacker convention in Las Vegas on Thursday, is the company’s biggest ever — in fact, it’s five times bigger than its previous largest payout.
In the past, Apple limited its bug bounty program to a restricted list of friendly hackers, but it has now opened up the reward to everyone. It will only pay out the top prize for a very specific hack: Hackers will have to show that they can gain remote access to the very core of Apple’s iOS software without needing the target, the phone’s user, to take any action.
Bug bounty programs, in which companies invite hackers to find vulnerabilities in their systems, have become increasingly popular in recent years as a way of preventing criminals from finding and exploiting those flaws first.
Such vulnerabilities in the world’s most popular smartphone are highly prized on the vulnerability market, and Apple’s $1 million reward is in line with what hackers would likely be paid for uncovering such a bug.
Private companies such as Israel’s secretive cybersecurity company NSO Group, as well as government agencies, have paid as much as $2 million for a tool that can remotely access an iPhone.
Repressive governments have been increasingly eager to find ways of monitoring the digital lives of dissidents, journalists and political opponents. In recent years, a lucrative grey market dominated by shadowy companies selling tools to do just that has exploded, and Apple’s new $1 million bounty is a way of preventing those tools from falling into the wrong hands.
It has been reported that Saudi dissidents living abroad, including well-known YouTube comic and satirist Ghanem Almasarir, were targeted with an iPhone spying tool created by NSO Group prior to the brutal torture and murder of journalist Jamal Khashoggi.
Recently, a group of hackers working for Google’s Project Zero program uncovered a cache of flaws in Apple’s software, which would allow hackers to gain access to your phone simply by sending you a message.
But the Google hackers quietly shared the details with Apple, which fixed the flaws before the details were made public, a disclosure that would have allowed a hacker to take advantage of them.