Apple to Give Researchers Special iPhones to Up Its Security

Mark Gurman

and

William Turton

8 August 2019, 20:19 UTC

Company offering up to $1 million to find flaws in products
Top security engineer unveils bounties at Black Hat conference

Apple Inc.’s top security engineer on Thursday said the company would begin distributing special iPhones to security researchers to help them discover flaws before malicious hackers do.
Ivan Krstic made the announcement in Las Vegas at the annual Black Hat security conference at the end of a 50-minute long presentation to discuss Apple’s security efforts for its hardware and software products. Apple has long positioned the security of its systems as a core tenet of its products.
The special phones will disable some security features and enable deeper access for researchers, Krstic told Bloomberg News after the announcement. The program is scheduled to launch next year.

Apple also said it is expanding its “bug bounty” program to the Mac, Apple TV, Apple Watch, and iPad operating systems. The program will pay security researchers who find and report security flaws in the software. Apple opened a similar program for iOS, its operating system for the iPhone, iPad, and iPod touch, and cloud storage, three years ago.
The company has been paying those who find flaws as much as $200,000, but despite that dollar amount, the company has been criticized for paying too little to stop bugs that could impact its consumer security. The company said it will offer a 50% payout bonus if a flaw is found in a beta version before it ships to consumers.

It’s also expanding the bounty program to more security researchers in the fall, Apple said. In addition, the company is adding a new $1 million bug bounty tier for more advanced security flaws and a $500,000 tier for reporting flaws giving access to user data.