
Le-verdict

News with a Local Lens

Apple will pay over Rs 8 crore to anyone who can hack Apple Intelligence servers

Apple is preparing to roll out the first set of features for its AI-based Apple Intelligence in the coming days. In a preventative move before release, the company has also expanded its bug bounty program. Apple has announced a reward of $1 million (over Rs 8 crore) for anyone who successfully hacks into Apple Intelligence’s servers. The reason: the Cupertino giant aims to identify vulnerabilities in its Private Cloud Compute (PCC) platform, thereby ensuring robust security for its new AI-based services.

Apple Intelligence was introduced at WWDC 2024 and is expected to launch with the iOS 18.1 update. The AI-powered suite will bring important features designed to improve Siri, strengthen device privacy, and secure on-device processing for AI functions. However, amid concerns about the potential misuse of AI and demand for private and secure AI options, Apple is taking extra precautions to make its platform as resilient as possible against cyberthreats. And if anyone identifies problems on the servers, Apple is willing to offer a substantial bounty for their efforts.

Apple Bug Bounty Program

Following the initial announcement of Apple Intelligence, Apple opened its PCC infrastructure to security experts and researchers. The PCC system supports Apple Intelligence’s cloud processing needs and is powered by Apple’s custom silicon servers, running a security-enhanced operating system specifically designed to prevent data breaches and leaks. This program allows participants to examine the PCC security architecture, which Apple says is “the most advanced security architecture ever deployed for cloud AI computing at scale.”

Apple invites security researchers around the world to examine PCC infrastructure and identify potential security vulnerabilities that could expose user data. By engaging independent researchers through a Virtual Research Environment (VRE), Apple aims to improve transparency and detect underlying vulnerabilities.

Bug Bounty rewards

Under the Bug Bounty program, Apple has categorized vulnerabilities into three main areas, each with distinct reward tiers based on risk and complexity.

  1. Accidental Data Disclosure: Apple will pay rewards of up to $250,000 to anyone who finds vulnerabilities that expose data due to configuration or design flaws in PCC, the servers behind Apple Intelligence. This level focuses on accidental disclosures, often resulting from incorrect permissions or unanticipated interactions between systems.
  2. External Compromise Due to User Requests: In this category, Apple seeks to close security vulnerabilities that could allow an attacker to gain unauthorized access to the PCC by exploiting user requests. For a successful exploit in this category, Apple will pay a bounty of up to $1 million, especially if it involves executing arbitrary code that impacts user data.
  3. Physical or Internal Access: In this tier, with rewards of up to $150,000, Apple covers vulnerabilities originating from internal access points within the PCC system. Hacks could involve privilege escalation, which could allow attackers to access sensitive data.

For each category, Apple evaluates reported vulnerabilities based on technical depth, potential risk to users, and quality of the report. The company also offers additional awards for outstanding discoveries that have a significant impact on security, even if they do not fit into specified categories.

To ensure the Bug Bounty program is transparent, Apple has made key resources available to help researchers fully engage with PCC. The company has published a private cloud IT security guide detailing PCC’s privacy protocols, authentication processes and protection mechanisms. Additionally, researchers have access to a VRE running on a Mac, where they can download, analyze and test the PCC software in a controlled environment. For those who want to dig deeper, Apple has also made parts of the PCC source code available on GitHub.

Published by:

Divya Bhati

Published on:

October 28, 2024
