Watch CBS News

Apple offers $1 million reward to anyone who can hack an iPhone

Capital One data breach affects millions
Capital One data breach impacts more than 100 million customers 09:38

It almost sounds too good to be true — Apple is offering up a $1 million reward to anyone who can hack an iPhone. Its an expansion of the tech giant's bug bounty program, but the reward has never been higher. 

The bug bounty program, which previously offered rewards of up to $200,000 for finding problems in iOS devices, first launched in 2016. Apple head of security Ivan Krstić announced major changes to the program on stage at the Black Hat conference in Las Vegas Thursday, CNET reports

Starting this fall, the reward will be increased to $1 million for the first time. It will also expand to include all of Apple's platforms — iOS, iCloud, tvOS, iPadOS, watchOS and macOS.

All a hacker needs to do to get the million dollars is gain full control of an Apple device remotely, without the owner of the device ever interacting with it.

"This is an unprecedented fully Apple supported iOS security research platform," Krstić said at the conference. 

Ransomware attacks on the rise, targeting both individuals and organizations 06:30

Finding other device vulnerabilities result in smaller rewards of up to $500,000. The program is now open to anyone who wants to participate. It's no longer invite-only. 

Apple will also start offering special iPhones specifically for qualified security researchers. They are easier to hack than traditional iPhones, meant for developers to find security flaws so Apple can fix them before a new product launch.

Bug bounty programs are now commonplace among tech companies. Hackers search for security flaws missed by internal teams, and instead of exploiting the bugs, they submit them back to the programs for financial rewards. 

"It is important for companies, especially those dealing with mounds of sensitive personal data, to have a public-facing way to report bugs and vulnerabilities," Marten Mickos, CEO of the bug bounty platform HackerOne, said in a statement.

The announcement comes as data breaches become increasingly common in tech and financial industries. 

Last month, Capital One said a hacker got access to the personal information of over 100 million individuals applying for credit. And Equifax will pay up to $700 million over the massive 2017 data breach that exposed the private data of nearly 150 million people. 

Last October, Google's troubled social network Google Plus shut down following the discovery of a software glitch this past spring that may have exposed the user information of up to 500,000 customers between 2015 and 2018. 

Even cities are are falling victim to breaches. In June, two Florida cities decided to pay a ransom to hackers to regain control over municipal computer systems.

View CBS News In
CBS News App Open
Chrome Safari Continue
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.