It's by far the highest bug bounty on offer from any major tech company. The upped prize is a massive step up from the previous $200,000. The program will be open to all researchers this fall. Before, only those on the company's invite-only bug bounty program were eligible to reap the rewards.
The announcements were made in Las Vegas at the Black Hat conference, as Forbes reports, where Ivan Krstić, Apple's head of security engineering, gave a talk on iOS and macOS security.
Apple will also give bug bounty participants "developer devices," which are devices that let hackers dive deeper into iOS. One of the features of these special-variant devices is the ability to pause the processor and look at what's happening with the data in memory. This, called the iOS Security Research Device, will be application-only when it launches sometime next year.
Apple Ups Bug Bounty Program Reward To $1 Million
As for the $1 million reward, Apple is willing to give the prize to anyone who can find a hack of the kernel with zero clicks required of the iPhone owner. Meanwhile, the company will give $500,000 to anyone who can find a "network attack requiring no user interaction." There's also a 50 percent bonus for hackers who can find weaknesses in software before it's released.
Apple is increasing the rewards in an attempt to offset the increasingly profitable private market where hackers sell the same information to governments for vast amounts of money. Deep-level and sophisticated iPhone hacks are highly sought after. Previously, a company called Zerodium admitted that it will pay researchers $2 million for a remote hack of an iPhone.
Government contractors and brokers have issued as much as $2 million for the most effective hacking techniques to obtain data from devices, as NDTV reports. A number of these private companies, such as NSO Group from Israel, sell hacking capabilities to governments. Apple's new bug bounties are in the same range as some published prices from these contractors, presumably in a bid to deter hackers from approaching those companies and report to Apple instead.
Think you have what it takes to hack the iPhone? If you have any thoughts, feel free to sound them off in the comments section below!