Apple's bug-bounty program has been around since 2016, but the company just upped the ante last week during the Black Hat cybersecurity conference in Las Vegas. Of course, in order to get paid, you have to show that you're able to gain remote access to the core functionality of iOS without the device's owner doing anything at all.
A very specific type of hack.
That means discovering how to compromise the iPhone in a way that involves no app downloads, malicious links in an email, or rogue code in a database query that requires the user to click, tap, dial, or launch, well, anything.
Specifically, this type of attack is known as a zero-click full chain kernel execution attack with persistence.
If you don't know what that is, don't feel bad--you're not alone. You're also probably not going to be adding a string of zeros to the end of your bank account, but that's OK, it just means you're normal. Most of us just use our iPhones without thinking about the fact that there are countless bad actors that would love to get ahold of the contents of your device.
Finding the weak spots before the bad guys do.
Foreign governments, spy agencies, hackers, and cyber criminals are all constantly trying to break into your device, and Apple wants the good guys to beat them to it. Or it at least wants them to try--hence the pile of cash the company is willing to pay if you can make it happen.
Apple's announcement comes after researchers from Google revealed that they have discovered at least 10 such "zero-click" vulnerabilities. Most of those have been patched after Google quietly shared them with Apple, but undoubtedly there are more to find.
That's ultimately Apple's goal--to find out where the weak spots are before the bad guys do. Many of those individuals and organizations are willing to pay large sums to hackers who find bugs that can be exploited.
In fact, the company is even providing specially configured iPhones to select researchers that bypass many of the normal security features, in hopes they'll be able to find even greater weaknesses.
Security is everyone's challenge.
In the past, Apple's bug-bounty program was only open to specific researchers, but the company has now opened it to anyone who can find a flaw--a change the company hopes results in hackers bringing vulnerabilities to its attention first.
NSO Group, the company notorious for helping governments spy on people by infecting their devices through WhatsApp, and which claims to be able to access all of your encrypted files through its Pegasus software, is known to pay for zero-click vulnerabilities on the black market. And it isn't the only one.
That means the black market for these types of hacks is growing and Apple is trying to entice hackers to sell what they find to the company instead, giving it an opportunity to fix flaws that could otherwise put devices and users at risk.
If you happen to be one of those hackers, Apple is hoping you're up to the challenge. For the rest of us, let's hope Apple is.