Tech giant Apple has announced a new security research challenge for hackers with the main aim being the company protecting its Private Cloud Compute (PCC) servers. The company has announced that if you are successful in hacking Apple’s PCC servers, you could earn up to $1 million.
But why would a company pay for someone to potentially breach their servers? This is a fairly common move for tech giants to test their security systems. Apple is trying to protect its PCC servers because they will be in charge of processing requests made to its new AI system, Apple Intelligence.
Apple Security Bounty, the program that pays you for hacking Apple’s systems
Tech giants Apple do not see this as encouraging cyberattacks against their systems. Instead, Apple sees this as an opportunity for individuals to conduct research on its systems. This is why Apple has decided to create “bounties” for hackers for vulnerabilities “That demonstrate a compromise of the fundamental security and privacy guarantees of PCC.”
The company has created a tier for hackers to guide their research with, as Apple will be focusing its PCC bounty categories in the most sensible areas of their servers.
According to Apple, hackers are encouraged to look for vulnerabilities in accidental data disclosure, external compromise from user’s requests, and physical or internal access.
In other words, the bounty is split into two main categories, with five sub-categories that each have a different “price tag”. According to Apple, however, if a hacker is aiming to win the $1 million prize, they will have to carry out a remote attack on request data, by executing an arbitrary code execution with arbitrary entitlements.
How hard is it to win Apple’s bounty?
All of these terms seem to be extremely complex, and honestly, they are. However, we can break down these terms to understand what Apple’s research really is about. First, let’s begin by explaining what a Remote Attack on Request Data is. Essentially, this means trying to interfere with data sent between Apple Devices and Apple’s servers without having physical access to Apple’s systems.
The second term is Executing Arbitrary Code Execution. This means that a potential hacker would have to get the Apple servers to run on their own code, rather than the code it was designed to run by Apple.
On top of this, a hacker would have to achieve these tasks with arbitrary entitlements. Apple uses something called entitlements to control what their apps and code can do. For instance, an entitlement might let Instagram use your camera while you are using the app. Arbitrary entitlements would mean hackers could use their own code to access Apple’s restricted data and services.
Hacking your way to Apple’s $1 million bounty is borderline impossible. Apple’s infrastructure is designed with many layers of security, that make achieving arbitrary code execution with arbitrary elements for hackers almost impossible.
Most security hackers and researchers spend years studying these type of systems and still struggle hacking into Apple’s systems. So if you own an Apple product, you must know that Apple’s hardware, software and servers are secured with cutting-edge security, and go through constant updates, making them almost unhackable.
