We all know about the bug bounty programs that companies offer for finding bugs in their software and other products. Facebook regularly pays hackers and testers for finding exploits and vulnerabilities in its system. Apple offers rewards to people who can find and exploit vulnerabilities in its products, such as the iPhone and MacBook. A couple of researchers bypassed the iPhone’s Face ID in just 2 minutes using some unconventional techniques. Read about the Apple iPhone Face ID hack at the end of the article!
Introduction
Apple has increased the reward it gives to hackers for finding vulnerabilities in iPhones and Macs to $1 million. It’s the highest bug bounty offered by any tech company to date. Apple’s bug bounty reward used to be $200,000, and now it starts at $500K. Previously it was an invite-only closed event, but now the bug bounty program will be open to all researchers in October.
$1 Million for hacking an iPhone?
It’s not a joke! Neither the prize money nor the job. The $1 million prize will go to researchers who can hack the kernel, i.e. the core of iOS, with no involvement from the iPhone owner. Apart from that, another $500,000 will be given to those who can find a “network attack requiring no user interaction.” There is also a 50% bonus for people who find vulnerabilities and bugs in software before it’s released.
As Maor Shwartz told Forbes, a single exploit (a program that uses vulnerabilities, typically to take control of a computer or phone) can fetch as much as $1.5 million. Such tools are rare, but exploits targeting WhatsApp that require no clicks from the owner can be sold to a government agency for that amount of money. Only one or two a year will be sold, from a pool of around 400 researchers who focus on such high-end hacking. “It’s really hard to research on them and produce a working exploit,” he said.
A bunch of researchers demonstrated the iPhone Face ID hack at the ongoing annual Black Hat hacker convention in Las Vegas! All they used was an unconscious owner, a pair of spectacles, and black and white tape. The researchers discovered that Face ID’s liveness check doesn’t extract full 3D data from the area around the eye if it recognizes that the owner is wearing spectacles. Instead, it looks for a black area for the eye with a white point on it for the iris. They put the black tape on the glass of the spectacles and made a hole for the white tape, making it look like an iris. Voila! That was all that was needed for the Apple iPhone Face ID hack.