An elite Google hacker is directly challenging Apple CEO Tim Cook to donate over $2 million to charity
- Google runs a team called Project Zero that tries to find vulnerabilities in competitors' software.
- One of its star members focusing on Apple products is Ian Beer.
- He slammed Apple at the end of a talk at the Black Hat conference in Las Vegas because he has not been invited to Apple's bug bounty program, he said.
One of the best security researchers in the world publicly criticized Apple's bug bounty program and challenged Apple CEO Tim Cook to donate $2.45 million to charity, the amount he says he should have received had he been a part of the program.
"Hi @tim_cook, I've been working for years to help make iOS more secure. Here's a list of all the bugs I reported which qualified for your bug bounty since its launch, could you invite me to the program so we can donate this money to @amnesty?" Ian Beer, a Google employee, tweeted during a talk at Black Hat, a high-profile security conference in Las Vegas.
At the end of his talk, which was a technical look at iOS security, he veered into criticism of Apple.
"I don't think Apple intended to use the bug bounty program as a PR tool, but obviously it's given them plenty of good PR; these supposedly high prices are frequently quoted and, like the million dollar dissident, used as this comfort blanket you can wrap yourself in," he wrote in notes published alongside his slide deck, which he tweeted on Thursday.
Beer is one of the most prolific security researchers in the world. He and the group he works for inside Google, Project Zero, frequently find bugs that Apple patches to make its software more secure.
Apple declined to comment.
Here's an example of two bugs Beer found and reported to Apple earlier this summer:
[Screenshot: Apple Security Announce]
He has a day job
Bug bounties are payouts typically intended for independent security researchers to incentivize them to report bad bugs instead of developing them into exploits or selling them on the black market. Basically: Report what's called a "zero-day," a previously undiscovered bug, and if it's real, you can get some money.
Apple's bug bounty program offers big payouts, like those listed above, but unusually, it's an invite-only program. Apple launched it in 2016, after most other big tech companies had previously launched their bug bounty programs. Even if you found the biggest exploit in iPhone software, you wouldn't get paid by Apple unless you were part of the program.
Project Zero has been controversial - after all, it tries to break other companies' software, and when it succeeds, it forces the other company to fix it within 90 days. The origins of the program date back to Google cofounder Sergey Brin's frustration that vulnerabilities from other companies could make Google less secure.
Apple's iPhone security is very tight and has a reputation in the security industry for being hard to crack. But it's not bulletproof - in 2016, the UAE government used a weaponized zero-day exploit against a human rights activist.
The high level of iPhone security means that sometimes researchers can make far more money selling zero-days on the black market than cooperating with Apple. So that makes people like Beer even more notable, given their prolific ability to find iPhone bugs.