Would you like to make money by finding bugs in Apple software? This is an invite-only offer. Apple is going to pay up to $200,000 to researchers and hackers who can find bugs in various Apple software products, including iOS and Mac OS.
This is one of the more unusual ways to make money. The opportunity for hackers and researchers to make money by finding bugs in Apple software was announced at the Black Hat hacker conference by the head of Apple security, Ivan Krstic.
Hackers and researchers can make money by finding bugs in Apple software under the following categories:
- Secure Boot firmware: $200,000
- Extraction of confidential material protected by the Secure Enclave Processor: $100,000
- Execution of arbitrary code with kernel privileges: $50,000
- Unauthorised access to iCloud account data on Apple Servers: $50,000
- Access from a sandboxed process to user data outside of the sandbox: $25,000
So far Apple has relied mostly on internal security teams and on informal collaboration with external researchers. As mentioned above, this is an invite-only program that enables people to make money by finding bugs in Apple software. What if you haven't received an invitation but have found a major bug? Won't you be able to make money then? There is no need to worry. If you discover a vulnerability or a bug without having received an invitation, you will be formally invited into the program and can proceed from there.
Bounty programs that allow people to make money by finding bugs in mobile apps, web services and software applications are usually not invite-only, but Apple is doing this to filter out spurious submissions. Right now the opportunity to make money by finding bugs in Apple software is limited to the five categories mentioned above, but more categories will be added gradually.
This sort of arrangement, in which people make money by finding bugs in software applications, is not a new concept; in fact, Apple is one of the last companies to adopt it. It is called a bug bounty program, and many companies, including Google and Facebook, pay people to find vulnerabilities in their web services, mobile apps and software applications. Google recently paid around $550,000 to hackers for finding bugs in its Android system. A few months ago a 10-year-old kid won $10,000 for finding a bug in Instagram. Even the FBI paid an external agency to hack into the iPhone system when they were trying to catch the San Bernardino terrorist. The US Department of Defense has its own bug bounty program where people can make money by trying to hack into Pentagon systems.
Why pay researchers and hackers money for finding bugs in your software applications instead of having your own team?
As millions, or even billions, of people start using your software applications, it becomes humanly impossible to keep track of all the bugs and vulnerabilities unless you hire a very large team of testers, which can be very expensive. Allowing people to make money by finding bugs in your software application, on the other hand, is quite inexpensive compared to the cost of hiring in-house staff. You don't have to pay staff every month whether they find bugs or not; you pay only when someone delivers.
Security experts say that if Apple had started paying people to find bugs in its software earlier, it could have avoided the infamous iCloud hack in which nude photographs of more than 100 celebrities were leaked and posted on the Internet.