Apple will pay one million dollars to anyone who can crack the iPhone. This is the highest reward for a discovered vulnerability ever offered by a large technology company. This form of hacking is called “ethical hacking”. Previously, Microsoft announced a reward for hacking its own systems, and Facebook has even paid tens of thousands of dollars for the discovery of a vulnerability in its software. What “ethical hacking” is, and what amounts companies are willing to pay for breaking their own products, is covered in this article by “360”.
Apple has significantly increased the amount it is willing to offer for finding vulnerabilities in the iPhone and Mac, from 200 thousand dollars to one million. The reward thus became the largest ever offered by a technology company, Forbes writes.
To get the million dollars from Apple, hackers need to hack the iOS operating system. But they must do so autonomously, that is, before the user opens any program or clicks on anything on the iPhone.
Other rewards are offered in addition to this one. For example, a hacker who carries out a “network attack that does not require user interaction” will get a reward of 500 thousand dollars. Hackers who discover a vulnerability in a new product before its release will also receive bonuses.
This time Apple has changed more than the size of the reward. Now anyone can take part in the search for vulnerabilities, whereas previously the money was paid only to hackers whom the company itself had invited to the program.
This form of hacking is legal and is called “ethical hacking”. It is practiced by white-hat hackers (White Hat).
“Ethical hacking”, or how to hack a system legally
Since one can not only earn money on vulnerabilities but also lose everything, including one's freedom, it is important to clearly understand the boundaries of “ethical hacking”, the portal Habr writes.
Ethical hacking is a legitimate form of hacking that can be used to detect vulnerabilities in others' systems and bring them to the attention of the developers. But here you must be very careful: you can participate only in official programs that companies have announced on their own platforms, and you must strictly follow the rules of the contest.
You cannot look for vulnerabilities in others' systems on your own initiative, even in order to report them to the manufacturer: there will be no gratitude for it, but criminal penalties will follow.
Bug Bounty programs, in which bugs are found for a reward, are the most popular kind of “ethical hacking”. They have existed for more than twenty years. These programs help companies promptly detect and eliminate bugs in their products before attackers learn about them.
It usually happens like this: a company announces a competition to find vulnerabilities in its systems and states the amount of the reward. Sometimes corporations announce closed programs. In that case, the organizer chooses the potential participants and sends them invitations that specify all the conditions of participation.
Back to the legal side of the issue. To participate in a program legally and receive money for it rather than a prison term, you should carefully read the rules of the competition that the company runs.
And getting a reward really is possible. It should be noted that the amounts companies pay for the discovery of vulnerabilities in their own systems or programs sometimes reach tens of thousands of dollars.
The reward for hacking
For example, last year Microsoft announced the launch of a bug bounty program for Windows, with a maximum reward of $250 thousand. The same amount was promised for the discovery of vulnerabilities in the hypervisor and kernel of Microsoft Hyper-V that made remote code execution possible.
The global giant Google has, in its time, paid experts a total of more than six million dollars for help in detecting vulnerabilities, and Facebook, over five years of its bug bounty program, has paid “white hat” hackers a total of five million dollars.
It is worth noting that in early 2017 Facebook paid Russian security officer Andrey Leonov 40 thousand dollars for a single critical vulnerability he had found. At that time, the amount of the reward was record-breaking.
The Russian had found a bug in the social network's software that allowed arbitrary code to be run on its servers.
“The fact that the amount was a record is, I think, not the most important thing. The fact that it is quite large has a reason. The vulnerability found allows arbitrary code to be executed on a server or servers owned by Facebook,” Leonov said in an interview with RBC.
A year earlier, in May 2016, Facebook paid 10 thousand dollars to a ten-year-old boy from Finland for finding a vulnerability in the social network Instagram, which is owned by Facebook. The young computer whiz found a bug that allows users to remove comments.
With this, the 10-year-old boy became the youngest person ever to receive a reward from Facebook, the Guardian reported.