appConfigEntityId

bodyType

customContents

entityId

entityUuid

articlePageQuery

filter

article

articleBaseAdvertisingInfoArticle

articleListArticle

articleSeoArticle

hooksArticleAcknowledgementGateOverlayArticle

hooksTrackPageViewArticle

hooksContentInterestArticle

articleLinkingDataContent

hooksAmpRedirectArticle

articleSchemaContent

hooksArticlePageAdvertisementConfigArticle

liveArticle

appConfig

advertZone

sentiment

contentLock

topics

types

sections

paywallTypes

createdDate

publishedDate

sponsorType

urlAlias

moreOnThisArticles

sectionsV2

commentCount

authorLocations

authors

corrections

displaySlideShow

multimediaEmbed

printHeadline

seriesContainer

articleSpeeches

socialHeadline

headline

images

flag

firstTopic

glossary

flattenTypeIds

image

relatedLinks

relatedNewsletters

__typename

sponsor

pdfFiles

seriesReverseOrder

series

disableOffPlatformContent

published

updatedDate

summary

subHeadline

body

keywords

readingTime

customTimezone

liveContents

json

Business Insider

The U.S. government paid a steep price to hackers to help it break into an iPhone used by a terrorist earlier this year.
The most recent credible report pegs the price the government paid at "under US$1 million," but comments by FBI director James Comey peg the price as being at least US$1.3 million.
And now, we know what a top Apple security engineer thinks about the black market for iPhone hacks.
Ivan Krstić, head of security engineering and architecture for Apple, addressed the secondary market for iPhone "vulnerabilities" (or, "zero-days," as security insiders call them) in a talk given at Apple's annual conference last week about how Apple sees security as a design philosophy.
It's difficult to measure security performance with objective statistics, Krstić explains, so he uses "indirect metrics" to evaluate how well Apple's security team is doing. 
One of those metrics is the black market prices for iPhone hacks. 
It turns out, Apple likes the fact that the prices for iPhone hacks are high — because it means they're rare and difficult to pull off. 
"As probably most of you know, there is a black market for software vulnerabilities, and once in a while some of the prices on the black market become known," Krstić said. "Usually these prices are tens of thousands of dollars, sometimes US$100,000."
Those are prices for software like Microsoft Windows or Google's Android — but the prices for iPhone hacks are much, much higher.
Krstić cites two reports: In 2013, the New York Times reported that an iPhone hack sold for US$500,000.  
More recently, Forbes reported that the going rate for an iOS hack was US$1 million. 
"Take that with a grain of salt, but it's a fascinating number to think about," Krstić said. "What you're seeing now is the result of a decade of our best work in protecting our users."
During Krstić's talk, he emphasized how many hacks require malicious actors to string together five to 10 separate bugs, partially because Apple strives to "build security into every level," from its chips to its software.
In April, Apple said that it has "the most effective security organisation in the world," and during Krstić's talk, he bragged that the iPhone hasn't had a virus or malware problem at scale over the past nine years. 
One way to cut down on the black market for software vulnerabilities is to offer a "bug bounty" program. So when a hacker finds a vulnerability, they don't have to sell it to a malicious actor or the FBI — they can sell it back to the company. 
Microsoft, Facebook, and Google all offer bug bounties. Apple doesn't.
One reason could be that Apple doesn't think it needs to. Given Apple's high profile, they get lots of solicited and unsolicited tips on potential bugs. When someone finds a bug, Apple publicly gives them credit. Apple declined to comment on bug bounties on the record for this article.  
Plus, buying US$1 million dollar hacks could get expensive quickly. 
See Also:
4 things you didn't know your iPhone could do
Watch Steve Jobs lose his cool during a famous iPhone demo
The original iPhone turns 9 — here's what Apple's first prototypes looked like
Click here to visit Business Insider


Bezos’ Washington Post scraps ad calling for Trump to ‘fire Elon Musk’ from print editions

From Thailand’s ‘Ghost Tower’ to Pyongyang’s ‘Hotel of Doom’: Asia’s abandoned skyscrapers

Brutal, ‘brave’ and unrelenting: the North Korean troops fighting Ukraine

Trump, Musk highlighted in Ben & Jerry’s suit against Unilever over social mission interference

Black market for US$1 million iPhone hacks 'fascinating' says Apple

Apple claims it has "the most effective security organisation in the world," pointing out that the iPhone hasn't had a virus or malware problem in nine years. Photo: AP

Tech

Tech leaders and founders

Costly hacks the result of 'a decade of our best work in protecting our users' says Apple's security engineering and architecture chief


Apple

Cybersecurity

Articles imported from external feeds - eg Associated Press


Feed

Black market for US$1 million iPhone hacks 'fascinating' says Apple

.css-1c6uqr6{color:inherit;font-weight:inherit;font-size:inherit;font-family:inherit;line-height:inherit;overflow-wrap:break-word;}Costly hacks the result of 'a decade of our best work in protecting our users' says Apple's security engineering and architecture chief

Costly hacks the result of 'a decade of our best work in protecting our users' says Apple's security engineering and architecture chief