Five Youths Hacked Apple For Three Months Straight, Got Paid $288k
It turns out that sometimes crime does pay, as five hackers have been paid more than a quarter of a million dollars by Apple after discovering serious security flaws in the company’s network.
The white hat hackers – sometimes known as ‘ethical hackers’ – led by 20-year-old security researcher Sam Curry discovered 55 bugs in Apple’s online systems, many of which could be used to perform dangerous attacks.
Following the three-month project exploring vulnerabilities in its network, the group sent Apple a report containing their findings, giving the company a chance to patch the issues before any less friendly hackers could discover them.
According to a blog post, the group found that for several months Apple’s network had been open to attacks that could have stolen sensitive information and installed malicious code on Apple devices, potentially affecting millions of users.
Sam said that 11 of the 55 bugs were ‘critical’ flaws, with the hackers able to take control of Apple’s core network infrastructure to access private emails, iCloud photos, and other personal information.
One of the worst bugs would have allowed hackers to steal photos, videos and documents from any iCloud account – and then do the same to their contacts.
In a video posted to YouTube, Sam demonstrated how the hackers were able to transfer all of the photos and contacts in a victim’s iCloud account, leaving behind a message reading, ‘Your iCloud has been hacked!’
White hat hacking can earn you some serious cash, with big tech companies often offering rewards for good samaritans who come across issues with their software. Apple’s bug-bounty program meant the team of researchers were initially paid $51,500 for their report, but after making their report public yesterday evening, the team were notified by the company that their reward was being upped to a massive $288,500.
Sam told Ars Technica, ‘My reply to the email was “Wow, I am in a weird state of shock right now.”
‘I’ve never been paid this much at once. Everyone in our group is still freaking out a bit.’
And he reckons they could end up with almost double that once Apple finishes analysing their work.
The giant payout comes less than a month after it was revealed that Instagram had paid a 14-year-old bug bounty hunter $25,000 for discovering a vulnerability in its Augmented Reality studio system. The kids really are the future.