Do you love the iPhone? Do you love to play with code and jailbreak your iPhone to exercise your control over the user experience? Apple has something for you. No, it is not another restrictive update – Apple is paying up to Rs 16 crore this time if you can impress it with your hacking skills.
As part of the company’s Security Bounty program, which was initiated in 2022, Apple invites coding geniuses to break into its secure iPhone systems. The program offers a wide range of rewards, starting from $5,000 and going up to a staggering $2 million (approximately Rs 16 crore) as a cash prize. That should be enough to own all of Apple’s products and services, buy all of life’s luxuries, and save up enough to not work a single day in your life.
Apple Security Bounty program: All details here
The bounty is divided into several categories, each having its own reward amount. For instance, a successful device attack via physical access could earn you up to $250,000, while a device attack via a user-installed app could fetch you up to $150,000. If you can carry out a network attack with user interaction, you could be eligible for a reward of up to $250,000.
The highest rewards are reserved for the most sophisticated attacks. A network attack without user interaction, such as a zero-click attack, could earn you up to $1 million. The same amount is offered for a remote attack on request data in a Private Cloud Compute environment. The grand prize of $2 million is reserved for anyone who can bypass the specific protections in Lockdown Mode, a feature designed to provide an extreme level of security for users who may be targeted by sophisticated digital threats.
Things to note before participating in Apple’s hack challenge
While the Apple Security Bounty program covers a wide array of Apple products (iPhone, Mac, Watch and more) and public services, there are notable exclusions. Research involving Apple Pay, any of Apple’s non-public internal systems, or techniques like phishing and social engineering is not eligible for a bounty. Additionally, the program’s scope is strictly limited to Apple’s own hardware and software, meaning vulnerabilities found in third-party services are not covered.
Participants must also adhere to strict rules of engagement and disclosure to qualify for a reward. Participants are prohibited from disrupting services for other users or compromising data and property that they do not own. Most importantly, any discovered vulnerability must be reported exclusively to Apple. To be eligible for payment, they must maintain confidentiality and not disclose the issue to anyone else until Apple has released a software fix and published an official security advisory addressing the vulnerability.