Google Hacker Asks Tim Cook to Donate $2.45 Million In Unpaid iPhone Bug Bounties
A Google security researcher says that he's found 30 vulnerabilities in iOS that have made Apple's software more secure—and he wants the company to pay up.
Aug 9 2018, 1:11pm
Image: Che Saitta-Zimmerman
More from motherboard
Apple’s iPhone is one of the most—if not the most—secure consumer device on the planet. That hasn’t stopped a small dwindling group of hackers from finding flaws in it. In 2016, Apple invited those hackers to report the bugs to the company, offering six figures rewards for their bugs, perhaps in an attempt to stop them from selling them to other high-paying startups.
In the last few years, one of the most prolific iOS bug hunters has been working for Project Zero, Google’s elite hacker team dedicated to finding zero-days in other companies’ products, quashing bug after bug. His name is Ian Beer and some consider him the best iOS hacker out there.
On Wednesday, after a talk at the Black Hat security conference in Las Vegas, Beer tweeted a message to Apple’s CEO Tim Cook, challenging him to pay for each bug he has reported since 2016, and asking him to donate $2.45 million to to human rights group Amnesty International.
An Apple spokesperson declined to comment, and Beer could not be reached for comment.
“I'd love to get a chance to sit down with you and discuss how together we can make iOS even more secure for all our users. Cheers, Ian Beer,” he tweeted.
Beer is often featured in Apple’s security bulletins for his contributions finding flaws in iOS. Last year, he sent the jailbreaking community—a loose group of amateur hackers that dedicate their time to exploiting the iPhone—into a frenzy when he announced the upcoming release of a tool that would make jailbreaking iPhones relatively easier. Beer and Google came through a few weeks later, when they released the tool, which fellow iOS hackers saw as a significant step towards developing a full-fledged jailbreak.
Apple’s bug bounty program had a lackluster start last year. As Motherboard reported at the time, the majority of independent iOS security researchers had not submitted any bugs to Apple as part of the bug bounty, mostly because doing so would hinder future research and was just not worth the trouble, given that those exploits can be sold for much more money in the gray market of exploit brokers.