Apple’s head of security, Ivan Krstic, had announced in August 2016 that Apple was launching a Bug Bounty Program. Its aim is “to reward friendly hackers who report bugs to the company.”
Although the announcement was originally met with huge cheer and enthusiasm, in the one year since, the results haven’t been up to expectations. More importantly, the Bug Bounty program has backfired on Apple, causing more damage than good.
What has happened?
Apple’s intention behind creating the Bug Bounty program was to test the security systems they’ve placed over iOS. The idea was to invite “friendly” hackers and give them a cash incentive — a whopping $200,000 — for punching holes in the iOS code and coming up with bugs or errors that might be categorised as “weak-links” in the chain.
However, it turns out that the black market for such bugs is much more lucrative than Apple’s $200,000 reward.
“People can get more cash if they sell their bugs to others,” said Nikias Bassen, a security researcher at the company Zimperium who joined Apple’s program last year. “If you’re just doing it for the money, you’re not going to give [bugs] to Apple directly.”
This unique market dynamic made the event take an unforeseen turn, leaving Apple in shambles.
They came; they saw; they left
So as it turned out, hackers came to Apple’s event. They participated in it. They even found some bugs. But they did not give them to Apple. Instead, they took them along to sell on the black market! And Apple could do nothing but stare in amazement at this unfortunate turn of events.
Here’s a look at how much Apple was paying to the hackers:
Not all the hackers were so ummm… opportunistic, though. As reported by iPhonehacks:
It is possible that a small number of security researchers did end up revealing bugs to Apple through its bug bounty program but decided against discussing it publicly.
The report went on to call the Bug Bounty program “a failure,” seeing as the company “clearly [seemed] to have undervalued iOS bugs.”
All we can hope is that Apple finds what bugs these hackers found, and patches them quickly. Because I don’t know about you, but for me, the idea of a bunch of hackers sitting somewhere, in possession of bugs to my iPhone that even Apple is unaware of, is quite frankly, very unnerving!