Apple opens up phone to hackers, ups bug-bounty to US$1 million

News by SC Staff

Apple is opening up its phones to selected researchers to find flaw, and has increased its bug bounty to US$1 million: rogue iPhone cables latest threat

The closed eco-system of Apple may be more secure than Android, but just as the iPhone moved the company from niche-player to mainstream business tool, it is now increasingly under attack, often successfully, hence drafting in the hacker community..  

Ivan Krstic, Apple’s head of security engineering made the announcements during During Black Hat USA 2019.  Tripwire’s David Bisson reported how Apple’s bug bounty programme will begin recognising vulnerabilities affecting macOS, tvOS and watchOS later this year, increasing its highest bug bounty payout from US$ 200,000 to US $1 million (£165,000 to £827,000) for a hack of kernel on the iPhone without any user interaction. 

Forbes reports US$ 500,000 (£414,000) would be awarded for a network attack with no user interaction and a 50 percent bonus for flaws in software prior to release.

A partial view of the new reward structure under the expanded bug bounty programme (Source: The Hacker News)

Krstic also announced that under the iOS Security Research Device Program, several "dev" iPhones will be available next year, but while anyone can apply to receive one of the phones, Apple is handing out only a limited amount, and only to qualified researchers. These  iPhones are specifically coded for developers to dig into iOS and Apple hardware to find security flaws that would be more difficult to find on the consumer device.

The most recent threat is not actually an Apple product flaw, but rogue iPhone cables created by hackers to  give complete device access. It is reported at the Def Con cyber-security convention that they were created by a hacker known as MG.

The O.MG cable doesn’t hack the iPhone, but takes over a PC if plugged in. Physical access would be needed to swap the cables.

Javvad Malik, security awareness advocate at KnowBe4 commented in an email to SC Media UK: "This is an interesting attack and one to be aware of, especially for high value targets. But it does have its limitations. Firstly, there is the cost involved in obtaining or creating a physically modified cable, then it is the matter of getting the cable to the intended recipient. It's likely something that will be limited to very targeted attacks, such as swapping out a CEO's legitimate cable with a fake one.  …. it's probably easier for willing attackers to compromise public WiFi connections by setting up their own rogue hotspots.

It may not be possible for the average person to tell whether a cable has been modified, so when in doubt, or when travelling, it may be worth using a "usb condom" which, when used, blocks any data transfer, and only allows charging of a device".

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews