Apple is offering $1 million for the cybersecurity experts as a bug bounty reward to find the security flaws in the iPhone. This year, Apple announced that it will give up to $1 million as a bug bounty to anyone who finds a critical Security Flaws In iPhone software, At the annual Black Hat security conference in Las Vegas on Thursday. This is the highest offering by the company to defend itself in advance against hackers. Previous highest bounty offers from the Apple was $200,000 for friendly reports of bugs.
Previous Bug Bounty
This $1 million bounty would apply only to remote access to the iPhone in which the attacker has to access the iPhone kernel without the need of any action from the user.
Apple previously offered rewards only to the invited researchers who tried to find flaws in its phones and cloud backups. This time, researchers have the possibility for this bounty rewards. The company said it would open the process to all researchers, add Mac software and other targets, and offer a range of rewards, called “bounties,” for the most significant findings.
Apple Face ID
During the Black Hat conference in Las Vegas, researchers showed a method to bypass face recognition through FaceID. The test was based on simulating a person’s eyes by attaching a small white ribbon to a larger black one. In turn, gluing them onto the lenses of a pair of glasses.
The trick will only work if the victim is wearing these special glasses. As the eye abstraction for detection generates a black area with a white dot in the center (simulates the eye). Wearing glasses, FaceID modifies the way the liveness detection scans the eyes, “not extracting 3D information from the eye area “. In this way, the area below the lenses is as if it were scanned with a lower level of detail.