Despite being portrayed as the bad guys in the movies, hackers don’t really have to be. Actually, what we see in the movies are crackers. Hackers, whom we commonly call ethical hackers to differentiate them from “bad hackers”, are actually meant to help – or to make money by helping. That is what many do, receiving juicy rewards from companies like Facebook, Apple or Google.
There are ethical hackers, also known as white hats, who dedicate themselves to nothing other than looking for bugs in operating systems and applications for money. They spend their time searching for zero-day vulnerabilities – that is, vulnerabilities unknown to both the public and the manufacturer itself – in order to report them to companies and ask for a reward. In addition, events and contests are held whose purpose is to see who finds the most vulnerabilities.
Reward programs: when companies pay hackers for finding bugs
This does not mean that they blackmail companies by threatening to publish the flaws; rather, those companies run reward programs that offer prizes to people who report flaws in good faith.
As we can see on the Apple website, for example, the Californian company offers a reward of up to a million dollars to people who report certain types of errors in the code of its devices. But, unsurprisingly, several conditions must be met. In the case of Apple, they are as follows: the person must obviously be the first to report the bug; it must not be made public until Apple issues a public security notice; and if the bug is detected in a trial version or one still in development, the reward will be reduced by half.
To obtain Apple’s maximum reward – $1,000,000 – we would have to find a flaw in one of the company’s operating systems that allows execution in the kernel without the user having to do anything. But discovering an error does not mean that the maximum amount is paid; in reality, the minimum payment is $5,000, and it grows depending on several factors, which presumably include the level of detail with which the problem has been explained and its importance for security.
Google has a very similar program, only the rewards are much lower: certain problems are paid only up to $100. So, as we see, some companies are more profitable than others when it comes to finding flaws; however, we must bear in mind that the more a company pays, the more people will be looking for bugs.
Apple, the one that pays the most
However, you don’t always get a reward. A few years ago, the case of a person who hacked the Facebook profile of Mark Zuckerberg – the founder and CEO of the company – drew a lot of attention. By doing this, he intended to attract attention and so demonstrate that a vulnerability existed. He did so because he had contacted Facebook about the problem numerous times without any response, and so decided to take action. As expected, he was left without a reward.
A good example of this is when, a few days ago, Apple rewarded a person with $75,000 for finding a zero-day vulnerability in the iPhone camera. The hacker, a former Amazon Web Services security engineer, found seven bugs in Safari and reported them in December last year; three of them could be used to control the device’s camera – not just on iOS, but also on macOS.