Google security researcher Ian Beer says that Apple and others need to take a different approach to securing their systems. He also asks Tim Cook to donate US$2.45 million in unpaid iPhone bug bounty money to human rights group Amnesty International (via Threatpost).
[Air Force Bug Bounty Program Goes Live For Hackers]
Bug Bounty Money
Since 2016 Mr. Beer, a member of Google’s Project Zero, has found over 30 iOS bugs. He talked about them in his Black Hate session “A Brief History of Mitigation: The Path to EL1 in iOS 11.”
He says that Apple works to patch iOS bugs, but doesn’t work to fix the underlying issues that contribute to these bugs. Apple launched its bug bounty program two years ago, and the company said in lieu of a bounty reward, it would donate to a charity of the researcher’s choice.
Because Mr. Beer has found so many bugs, Apple owes him US$2.45 million as part of the program. He chose Amnesty International because of a recent cyber attack against it. It was targeted by a nation-state with a cyber weapon called Pegasus, sold by Israel-based company NSO Group.
[Apple Uses Black Hat Conference to Launch Bug Bounty Program, Will Pay up to $200K]