Apple Inc offered up to $1 million reward only to invited researchers who tried to find flaws in its phones and cloud backups, the largest reward offered by a company to defend against hackers, at a time of rising concern about governments breaking into the mobile devices of dissidents.
On Thursday, the company said at the annual Black Hat security conference in Las Vegas, it would open the process to all researchers, add Mac software and other targets, and offer a range of rewards, called “bounties,” for the most significant findings.
The $1 million prize would apply only to remote access to the iPhone kernel without any action from the phone’s user. Apple’s previous highest bounty was $200,000 for friendly reports of bugs that can then be fixed with software updates and not leave them exposed to criminals or spies.
Government contractors and brokers have disbursed up to $ 2 million for the most effective hacking techniques to obtain information from devices. Apple’s new bounties, however, are in the same range as certain prices published by contractors.
Apple is taking other steps to make research easier, including providing a modified phone that has certain security features disabled. Programs that exploit otherwise unknown vulnerabilities in phones, their software, or their installed applications are a major component of the violations.
A number of private companies, such as Israel’s NSO Group, sell hacking capabilities to governments.
“NSO Group develops technology that is licensed to intelligence and law enforcement agencies for the sole purpose of preventing and investigating terror and crime,” NSO said in a statement. “It is not a tool to target journalists for doing their job or to silence critics.”