Thursday, March 24, 2016

Hunting Bugs For Fun and Profit

The New York Times has a good piece on why hackers are more interested in helping the FBI crack the iPhone owned by the San Bernardino shooter than they are in standing up for Apple.

Google, Microsoft, Facebook, Twitter, Mozilla and many other tech companies all pay outside hackers who turn over bugs in their products and systems. Uber began a new bug bounty program on Tuesday. Google has paid outside hackers more than $6 million since it announced a bug bounty program in 2010, and the company last week doubled its top reward to $100,000 for anyone who can break into its Chromebook.

Apple, which has had relatively strong security over the years, has been open about how security is a never-ending cat-and-mouse game and how it is unwilling to engage in a financial arms race to pay for code exploits.

The company has yet to give hackers anything more than a gold star. When hackers do turn over serious flaws in its products, they may see their name listed on the company’s website — but that is it. That is a far cry from what hackers can expect if they sell an Apple flaw on the thriving underground market where a growing number of companies and government agencies are willing to pay hackers handsomely.

Short answer: money doesn’t just talk, it hacks.

HT to FC.