An elite Google hacker is directly challenging Apple CEO Tim Cook to donate over $2 million to charity (AAPL, GOOG, GOOGL)

One of the best security researchers in the world publicly criticized Apple's bug bounty program and challenged Apple CEO Tim Cook to donate $2.45 million to charity, the amount he says he should have received had he been a part of the program.

"Hi @tim_cook, I've been working for years to help make iOS more secure. Here's a list of all the bugs I reported which qualified for your bug bounty since its launch, could you invite me to the program so we can donate this money to @amnesty?" Ian Beer, a Google employee, tweeted during a talk at Black Hat, a high-profile security conference in Las Vegas.


At the end of his talk, which was a technical look at iOS security, he veered into criticism of Apple.

"I don't think Apple intended to use the bug bounty program as a PR tool, but obviously it's given them plenty of good PR; these supposedly high prices are frequently quoted and, like the million dollar dissident, used as this comfort blanket you can wrap yourself in," he wrote in notes published alongside his slide deck, which he tweeted on Thursday.

Beer is one of the most prolific security researchers in the world. He and the group he works for inside Google, Project Zero, frequently find bugs that Apple patches to make its software more secure.

If you add up the prices for all the bugs he's found, then double the total as if Apple were to match the money for charity, it would come out to $2.45 million, Beer wrote.

Apple declined to comment.

Here's an example of two bugs Beer found and reported to Apple earlier this summer:

[Image: screenshot from Apple Security Announce]

He has a day job

Bug bounties are payouts typically intended for independent security researchers, to incentivize them to report bad bugs instead of developing them into exploits or selling them on the black market. Basically: Report what's called a "zero-day," a previously undiscovered bug, and if it's real, you can get some money.

Apple's bug bounty program offers big payouts, like those listed above, but unusually, it's an invite-only program. Apple launched it in 2016, after most other big tech companies had already launched their bug bounty programs. Even if you found the biggest exploit in iPhone software, you wouldn't get paid by Apple unless you were part of the program.

But Beer draws a salary from Google as part of one of the strongest bug-hunting teams in the world, which itself is unusual.

Beer works for Google on its elite Project Zero team, which finds undiscovered bugs in software - even those made by other companies, like Apple, or CloudFlare, or Microsoft. By responsibly squashing those bugs, the team makes software safer for everyone.

But he also said he'd like to be invited to Apple's bug bounty program, which offers large payouts for reporting dangerous bugs to the company. In some ways, he wants to be compensated by Apple for what he's done as part of his day job at Google. (Google didn't immediately return an email about whether its security researchers are allowed to collect bug bounties.)

Project Zero has been controversial - after all, it tries to break other companies' software, and when it succeeds, it forces the other company to fix the bug within 90 days. The origins of the program date back to Google cofounder Sergey Brin's frustration that vulnerabilities from other companies could make Google less secure.

Apple's iPhone security is very tight and has a reputation in the security industry for being hard to crack. But it's not bulletproof - in 2016, the UAE government used a weaponized zero-day exploit against a human rights activist.

The high level of iPhone security means that sometimes researchers can make far more money selling zero-days on the black market than cooperating with Apple. So that makes people like Beer even more notable, given their prolific ability to find iPhone bugs.

It's unclear if there was a specific reason Beer went public with his complaints about how Apple handles vulnerabilities and disclosures. He said in the notes alongside his talk that it was because Apple does a "poor job of fixing" the bugs he reports. But Apple's culture of discretion means it's unlikely that Cook or Apple will respond warmly to his proposal, either publicly or privately.
