Apple to pay up to $200K 'bug bounty' to hackers for finding flaws

Tech giant Apple unveiled a 'bug bounty' programme through which it will pay upto $200,000 to hackers who will report vulnerabilities in its products.

While the programme will be an invite-only one, Apple won't turn away new researchers if they provide useful insights, as it plans to expand the programme, it said.

"It's getting increasingly difficult to find some of those most critical types of security vulnerabilities," said Ivan Krstic, Apple's head of security engineering and architecture, while addressing the Black Hat security conference in Las Vegas. He said Apple's security-bounty programme will reward researchers who actually share critical vulnerabilities with Apple.

With the 'bug bounty' programme, Apple joins the list of technology companies, including Microsoft, Facebook, Google parent Alphabet, that have been shelling millions of dollars in bug bounty programmes over the past few years. Uber, Fiat Chrysler and the US Department of Defense too have launched similar programmes this year.

At the Black Hat conference, Apple announced a list of vulnerabilities that would command big bounties, including $25,000 for ways around Apple's digital compartments and into its customers' data, $100,000 that allows extraction of confidential material from Secure Enclave, $50,000 for bugs that give hackers access to iCloud data and $200,000 for vulnerabilities in Apple's firmware components.

Earlier this year, The Federal Bureau of Investigation (FBI) reportedly paid hackers more than $1 million for a back door into Apple's iPhone 5C that was used by San Bernardino Shooter Syed Rizwan Farook.

Like this report? Sign up for our daily newsletter to get our top reports.