Aside from being portrayed as bad guys in films, hackers don't have to be like that. In fact, what we see in the movies is not crazy. Hackers, which we often call users of good behavior to distinguish them from "bad hackers" are actually meant to help – or to make money by helping. That's what many do, too earn red rewards from companies like Facebook, Apple or Google.
There are well-behaved hackers, also called white hats, dedicated to no one but look for bugs in operating systems and financial applications. They spend their time searching for zero-day risk – that is, certain risks unknown to the public and the manufacturer themselves – to report to companies and thus request compensation. In addition, events and competitions have also been held with the aim of identifying the highest risk.
He loves you | A teenager who violates the CIA and the FBI will have to pay a huge fine
Reward programs: where companies pay hackers for finding bugs
But it is not that their companies are making illegally publishing decisions, but that those companies have rewards programs when, correctly, they offered awards to those individuals who reported a positive failure.
As we can find on the Apple website, for example, a Californian company is offering up to a million rewards for those people who can report certain types of errors to their device's code. However, unfortunately, several conditions have to be met. In the case of Apple, it is as follows: it is obvious that one must first report it; should not be made public until Apple releases a public safety notice; And if the bug is detected by a fault version or is upgraded, the reward will be reduced by half.
To find out Apple's biggest prize – $ 1,000,000 – we will need to be able to locate an error in a specific company system that is able to work in the field without the user doing anything. But the fact that an error is found does not mean that a higher amount has been paid; in fact, the minimum payment is $ 5000, and will increase depending on a few things, in which case we will probably get the details of the issue described and its importance to security.
At Google there is a very similar program, only that the rewards are very low: Certain problems are paid up to $ 100. So, as we can see, there are companies that are more profitable than others when it comes to finding fault; However, we must remember that the more you pay, the more people will be left looking for mistakes.
Apple, which is the highest paying
However, you don't always get a reward. A few years ago, the case of the man who stripped down Mark Zuckerberg's Facebook profile – the company's founder and CEO – was very popular. In this way, he intended to show that danger arises by attracting attention. He did this because he had contacted Facebook on the issue many times, without any response, taking a decision. As expected, he was left with no reward.
He loves you | How a hacker-bounty hunter can get any cellphone for just $ 300
A good example of this there a few days ago Apple rewarded the person with a $ 75,000 fine of detecting zero day risk on the iPhone camera. The shooter, a former security engineer at Amazon Web Services, found seven flaws in Safari and reported them in December last year, three of which can be used to control the device's camera – not only on iOS, but also on MacOS.