Lack of bug bounty may leave Apple vulnerable to hackers


steven36

Apple Inc.’s lack of a bug bounty program may leave it vulnerable to hackers looking for a payout.

While tech companies like Google, Microsoft, Facebook and Twitter pay third-party hackers to turn over bugs in their products and services, Apple offers only a congratulations on its website. According to a report in the New York Times, the lack of a financial incentive may make hackers reluctant to turn bugs over to the Cupertino-based company.

Many companies and government agencies are willing to pay for Apple bugs and vulnerabilities.

It was reported on Wednesday that Cellebrite, an Israeli company that provides mobile forensic software, went to the FBI instead of Apple to demonstrate how the Apple iPhone used by the San Bernardino shooter could be unlocked.

In February, the U.S. District Court in Los Angeles told Apple that it must provide "reasonable technical assistance" to investigators aiming to unlock an iPhone 5C formerly owned by San Bernardino terrorist Syed Rizwan Farook. The court wanted Apple to disable the phone's auto-erase function, which deletes data after 10 consecutive unsuccessful passcode attempts.

If Cellebrite’s method works, the Justice Department may dismiss the court order. In this instance, the third-party hacking may hand Apple a win, meaning the company won’t have to build a backdoor to its products. But it comes at the cost of exposing a critical weakness in its security.

Earlier this week, Johns Hopkins University researchers discovered a weakness in Apple’s encryption that allows hackers to decrypt photos and videos sent by iMessage, according to the Washington Post. Apple said it partially fixed the issue with the release of the iOS 9 operating system and fully addressed the problem with iOS 9.3, which was released on Monday.

“Even Apple, with all their skills — and they have terrific cryptographers — wasn’t able to quite get this right,” researchers told the Washington Post.

Last September, Zerodium, a boutique firm in Washington which sells flaws to governments and corporations, announced a $1 million bounty for anyone who could turn over a flaw in Apple’s iOS 9 mobile operating system. Two months later, Zerodium said a team of undisclosed hackers claimed the bounty, per Wired.

While Apple remains firm on its lack of a bug bounty program, other tech giants are stepping up their financial commitments to honest hackers. Uber began its own bug bounty program on Tuesday, offering up to $10,000 to hand over information on critical issues. The company is also building a bug bounty “loyalty system” that promises hackers bonuses for repeated bug discoveries in Uber’s platform.

Just last week, Google doubled its highest reward to $100,000 for a hacker who could break into Chromebook. Google has paid out more than $6 million to date since it began its bug bounty program in 2010.

The Source


Guess Cellebrite won't expect to get any bounty payout from Apple for decoding iPhone's protection scheme but probably might improve relations between NSA and Israel.



29 minutes ago, luisam said:

Guess Cellebrite won't expect to get any bounty payout from Apple for decoding iPhone's protection scheme but probably might improve relations between NSA and Israel

The NSA are not the ones that want it; it's the FBI, which has a $15,278 contract with Cellebrite, so they're getting paid.

https://www.fpds.gov/ezsearch/fpdsportal?q=cellebrite+CONTRACTING_AGENCY_NAME%3A%22FEDERAL+BUREAU+OF+INVESTIGATION%22+PIID%3A%22DJF161200P0004424%22&s=FPDSNG.COM&templateName=1.4.4&indexName=awardfull&sortBy=SIGNED_DATE&desc=Y

That's what this article is about: there are government agencies all over the world willing to pay hackers for backdoors. Apple doesn't pay hackers any bounty, so they save those exploits for those willing to pay.



So we've got this new source of income called 21st Century cyber-bounty hunters!



6 minutes ago, luisam said:

So we've got this new source of income called 21st Century cyber-bounty hunters!

The NSA doesn't need to hire hackers; only federal and local law enforcement would hire security researchers (white hackers). The NSA has their own hackers; they have a place for hacking that has like 2000 employees. State hackers.

http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969.html
