Apple will pay a 'bug bounty' to hackers who report flaws

LAS VEGAS — Apple, which has been criticized in recent years for failing to pay outside hackers who report bugs in its products, said Thursday that it would begin offering a bug bounty to technologists who alert the company to flaws.

At the Black Hat hacking conference, Apple announced a list of vulnerabilities that would command big bounties, including $25,000 for ways around Apple's digital compartments and into its customers' data, $50,000 for bugs that give hackers a way into iCloud data and $200,000 to turn over critical vulnerabilities in Apple's firmware — the software that lies closest to the bare metal of the machine.

Apple said that if hackers donated their rewards to charity, it would match their donation. "We want to reward the people, and frankly the creativity it takes to find bugs in these categories," said Ivan Krstic, Apple's head of security engineering and architecture.

For six years, nearly every company in Silicon Valley has been rewarding hackers who turn over bugs — a term for flaws that can make a product vulnerable to intrusion — in their systems, with cash. The hope is that the money will be an incentive to keep those flaws out of the hands of organized groups or spy agencies willing to pay big money to learn about them.

But Apple had stayed away from the practice. Instead, it had credited anyone who turned over bugs by putting their names on its website — a far cry from the tens of thousands of dollars, and in some cases hundreds of thousands of dollars, companies like Google and Facebook were willing to pay.

The lack of an Apple bug bounty program made headlines this year when the FBI announced that it had paid hackers more than $1 million for a backdoor into Apple's iPhone.

The annual Black Hat conference, now in its 19th year, is a gathering place for all sorts of experts on computer security, including hackers, tech industry executives and government officials.

Dan Kaminsky, a respected security researcher, said in a keynote speech that the industry was falling far short of expectations. The onslaught of regular, high-profile hacks, like the recent penetration of computers run by the Democratic National Committee, is beginning to make customers believe that little can be done to protect them.

"We made promises in technology, and people are starting not to believe them," Kaminsky told the audience. "Everybody looks busy but the house still burns." Kaminsky argued for a cybersecurity equivalent of the National Institutes of Health or a Manhattan Project to fund research.

Notably, a fundraiser for Hillary Clinton coincided with this year's conference. Tickets for the "Hackers for Hillary" fundraiser were going for anywhere from $100 to $2,700. According to the event organizers, the fundraiser focused on "cyberpolicy issues the next administration faces."

Security experts at the conference, echoing earlier reports, maintained that Russia was behind the hack. A number of organizations cited research suggesting that the DNC was hacked by two Russian intelligence groups in what they believe is a campaign aimed at hurting Clinton's presidential candidacy.