Apple Will Pay Hackers $1,000,000 For This Bug Bounty 😳
Вставка
- Опубліковано 7 тра 2023
- Support the Shawn Ryan Show for $5 and get the chance to watch the shows AD FREE, with the exception of Shawn's personal reads, before they release!! Additionally, you will get behind the scenes footage from the Shawn Ryan Show. Sign up here: / vigilanceelite
Please leave us a review on Apple/Spotify Podcasts:
Apple - podcasts.apple.com/us/podcast...
Spotify - open.spotify.com/show/5eodRZd...
#PODCAST #HACKER #SHORTS
Vigilance Elite/Shawn Ryan Links:
Website - www.vigilanceelite.com
Patreon - / vigilanceelite
TikTok - / shawnryanshow
Instagram - / shawnryan762
Thanks for watching everyone. You can watch the full episode with Ryan Montgomery here ua-cam.com/video/qjz_07-DvE0/v-deo.html Additionally if you want to support the Shawn Ryan Show you can join the community. www.patreon.com/VigilanceElite
I ran recruiting for the Bug Bounty Program at Zoom for a couple years. My VP never made million dollar payouts, but it’s certainly a lucrative opportunity for Hackers to be on the good side of the law. In fact, I screened so many folks that had felonies for hacking, yet it didn’t matter if you were good.
You also have the internal/external anomaly assessors typically known as Red Team or Blue Team.
Great interview
btw, I’m also the recruiter that built Napster’s original engineering team, file sharing (music).
With the IPhone can’t you download a app and all you need is the person cell phone number too hack for iPhone too see what they are doing … like screen sharing ?
Ask this guy about the ability to rig elections with computer technology.
Valve
@@Misterscout
2 cryptic
His Steam library must be pretty impressive, then
i had the same thought lmao
Definitely pornhub premium
I thought of amazon.
😂
Amazon or steam, imagine having 130k in credit, they probs offered 100k cash and my guy did the maths and worked out he could make more with the skins he could buy. Maybe.
It was gamestop. They offered him $10.00 in cash or $128,000 in store credit. This happened before the stock ordeal, obviously.
Lol you can literally buy a brand new game just dropped bring it in unopened they offer you $15 it's fucking insane!
Underrated comment
😂😂😂
This needs more likes
HAHAHAHHAH
Gotta be Amazon, that much store credit anywhere else is just basically pointless.
Robin Hood or another investment platform 🤷🏻♂️
@@matthewdenis6899 that's not credit, that's just tax free cash
Ebay. He's smart enough he's going to leave an intentional red herring.
Betting sites, ticket sites, and airplane app could make sense too
@@matthewdenis6899 robin hood is a scam in case you haven't heard.
So let's team up with an apple software engineer. He adds the bug and I find it. We split 50/50.
I don’t think an Apple engineer needs the money 😂
@@saucejohnson9862 not need but want, yes
@@saucejohnson9862 now that I think about it I’m not surprised if western Apple engineers are very well paid
@@saucejohnson9862 I work in big tech and I can assure you that every single engineer I know would jump at the opportunity to make an extra $500k. Sure, some of us get paid a great salary, but the vast majority of us are still living middle/upper-middle class life styles.
@@phytoplankton7003 Devils advocate, I bet most are from India because they won't take the salary that an engineer is worth.
You can either report that bug to apple for 1 million or sell it to the NSA for 3 million
classic
Or use it yourself for billions, up to you i guess.
The CIA can monitor any Apple phone. The software runs independently of the OS too.
If the NSA is involved.
Is there a waiver of all taxes included? 😁
I had a uncle that “worked for the nsa” and he would always be like “man I can’t tell you shit kiddo it’s against my job” but I remember before he passed he did start telling me crazy shit and just saying “don’t tell a soul” super cool dude. Getting into someone’s phone or a apple exploit to get into phones, that’s just child’s play for the nsa
It was cambells soup. They offered him $128k in chicken noodle soup
Like one entire bedroom devoted to housing cans of crappy " run the chicken through for flavor" soup.
Why
@@meditationdrumartprojectca4835 its obvious, he hacked the soup
Bro pops open a soup can
*hacker voice* I'm in.
Campbell's: *hands him $128k*
*Everyone clapped 👏 *
Thats 129,293 cans of Campbell soup
Fun fact. They offer just over a quarter million dollars to anyone who can find exploits that directly lead to the development of a jailbreak. This is why jailbreaking Apple products had basically come to a crawl. People are reporting their methods to Apple, and they get patched out really quick. Why release a jailbreak when you can receive 250k+ in what for some of these people is relatively easy cash
Pangu is dead last time I had it working was iPhone 6c lol
@@musicmane4146I said nothing about pangu. There’s also a lot of newer devs who made jailbreaks for up to iOS 15.5 iirc. Not all versions, but a large majority
Or just be Nintendo and get a court to sentence you to a $10 million fine from Nintendo.
@@GiuseppeGaetanoSabatelli that makes no sense in relation to anything I’m talking about. Apple is paying these people to not release the exploits immediately. Nintendo is attempting to take down anything emulation and has sued Gary bowser recently for being associated with the people who made the tools and custom firmware that made piracy on the switch easier
@@Syndicate_LS is jailbreaking still alive then? It was part of the reason I got an iPhone because the jailbreaking was a big deal like ten years ago 😂
And the NSA be like “we’ll pay you 2 million not to reveal the vulnerability.”
Smart man. $128k credits is not money, therefore not taxable. And very difficult for the IRS to track.
Can you explain how it’s hard to track?
You don’t know what the cash offer was. Yet you have judged he’s a smart man in the deal. 😊
@@JM-ym8vrcash offer would've been 128k given to you wdym?
@@youwantshum9860 generally store credit is more than the cash value because you can spend that cash wherever you like, whereas store credit you've to spend with them
No reason to track it in a closed system, same as gift cards basically. Very nice tax free paycheck though!
Bezos coughed up that 128k
My old landlord makes tables for his man cave lol no lie
I thought the same
No way, it was Steam. And now he has every single train DLC for Train Simulator.
@@Sercer25 hahahahhahahahaha
@@Sercer25 nah bro has all the europa euralis dlc
Except when you submit a bug you spent months finding, they send you an email saying they were already working on it despite the fact that it's a zero-day
That's when you use it to leave a note on tim cooks phone.
@@MrDJAK777lol that's one way to show to show them youre serious 😂
Bet he has an empty Amazon wishlist
HahshshH😂
Nah man, his wishlist is whatever he put in his cart anytime
Are u slow? Why would he get credit on Amazon when he can use the cash to buy stuff? There’s no gain in that. He prob got bitcoin
@@Foryourinformation218same reason why places sell $100 gift cards for $80. They know you’ll be forced to use the money at their site anyways, so they can offer a more lucrative deal. Would you take 80k cash or 128k in credit?
@@Foryourinformation218it was probably either 130,000$ in store credit or like 70,000$ cash
Don’t think the IR-s taxes platform credits…..well played young man
Exactly
It's classed as "Benefit in Kind" in the U.K...so they'd still want their 25%.
@Snakebloke thats the uk though. They tax everything. Hence the American revolution
He'll be taxed for capital gain.
Yes they do. Any form of income is taxable unless stated exempt and there are no laws stating that the credit is exempt.
"if you are good at something, never do it for free" ~Joker 🃏
Yet he’s the same person that says "eat the rich". Rich people never do something they’re good at for free. I’m serious
saying he chose it over cash really does narrow it down 😂
The point wasn't to narrow it down though
@@trapezoid5810 the point is he DID narrow it down
@@trapezoid5810nope, if he outright says the name he's breaching his NDA....he gave just enough of a hint for us to get it though.
Keep in mind, that’s apple’s offer. Black market, probably 10x-25x.
These idiots trying to pretend they know anything about the black market because they did some surface level research on Google 💀
@@octopusdreams welp, if you weren’t already…welcome to a(at least)watchlist for this comment. It’s okay, you’re among friends here.
@@halvorson566 haha
Lol what black market?
Plus risk of jail time
I love how he looked off to the side at the Apple firing squad before he answered 😅
😂😂😂😂
😂😂😂
I honestly thought it would be an Airlines type deal at the end. That's a lot of travel for the rest of your life
Send it to Huawei for 10 million dollars.
Dude I would start a Chinese bidding war honestly. I’d contact huawei, let them know the price is currently 10,000,000, but that I have other potential buyers lined up. Hopefully huawei would cough up more than 10 mill, they have the entire Chinese population under their belt.
Lmaoo
So anyway, Amazon fixed a hole.
Well, let's be honest...a million is nothing to a company like Apple, especially if it means their products are safeguarded
A 0-day exploit is more valuable being kept and abused than bountied.
Usually bug bounties are graphical glitches or translation issues, sometimes it's about fixing how apps render in certain devices, etc... But you rarely see actual security threats being bountied.
use your brain, a million isn't alot but if a billionaire gave a broke person 1 million its a lot to them
That’s the point…
You could almost certainly get a hell of a lot more by selling that exploit to someone else.
Apple needs to offer this incentive. It might even be too little.
They might just want to utilize those vulnerabilities
His onlyfans subscriptions are probably off the chain 😂
Tell me it was Amazon with out naming them directly.
Dude has enough credit for Candy Crush power-ups to last a month.
128,000 credit for Amazon...
It was obviously onlyfans
@@dano9411 judging by his skin complexion i can see why you said that
@@carbon-based-lifeform9172 you guys are weird
@@dano9411 highly doubtful considering how much time and effort he puts into catching preds.
Obviously
American Airlines. That’s my guess. I’d easily accept $128K in credit for AA over the (probably) $50K cash.
$128,000 Steam credit 😂
Oh please, the entire airline industry is one giant bug masquerading as a feature. That's what has been causing all the random nationwide flight delays lately.
My pops use to fly for AA
Gotta agree, he got airline credit.
@@unbearifiedbear1885 this sent me, good one
It makes me really happy how confident this guy sounds in the thought that no one collecting the bounty means no one found a bug
Definitely got the doordash exploit fixed
I just like this guy. He's honest to the core.
Hah, I feel like we just won't be able to ever catch him lying.
Nah, he's just good at maintaining his front. He mostly works for North Korea, as they are usually the highest bidders.
Was definitely Amazon.
Calling it now the company was Amazon
128K for Pornhub? Legend.
Bro got no adverts for free.
Bitcoin, I think
ewe
@@apoozeo1715 Bitcoin isn't a company, dude. 😂
I would totally rake that credit if it was a Darknet market. ;)
I emailed McDonald’s explaining how their app could be abused and people could get free meals over and over for free. I was expecting some sort of payment. They sent me a gift card for a free meal 😂
Thats on you bro - you should have told them that you know about an exploit and then negotiate a reward BEFORE sharing the info.
Did it get fixed? If not hook us up.
@@damian597 i was aboit to say the same lol
You were supposed to tell them about an exploit and negotiate compensation then you give the details. If you're good at something, don't do it for free
Fuck, you reported that? I thought they just hooked on to me after I got 5 meals for free over the week 😂 my app stopped launching properly for a day then started charging for meals again. Hungry jacks have fixed their shake n win pick what you want also :( was great while it lasted. Proves you should test your apps before launching them
First sign of a lie is breaking eye contact on response to a direct question
He was very subtle with telling us he chose the credit instead of the cash. There isn’t much out there that would be worth that.
I can barely write a damn web application. Always admired these guys.
“If I did, I’d be sure to report it to apple.” Oh ok, gotcha….
Does this remind anyone else of the scene in 21 Jump Street with Channing Tatum and the nerds when he asks the curly headed dude if he can install a bug on someone’s phone😂🤣 It’s so perfect lmao even the little laugh at the end😂
This shit is awesome to hear about especially when you’re a novice in cybersecurity and all that stuff
smart guy putting that "disclaimer" in there for Apple with a little giggle👍🏽
This dude has a bunch of V bucks
That's a ridiculously small amount. Most wallet apps have bug bounty programs in the order of 100k+. These companies often have a valuation that is a tiny tiny fraction of Apple's.
"If i did, i would report it to apple" that smurk at the end says different 😂😂
$128k in credit? I'm betting it was Amazon. If not, then likely a major tech manufacturer.
Bro's going to have Amazon prime for the rest of his life 😂💀💀
For newbies, that means the bug you find is worth much more
I found a bug in Super Mario 64,
…. Ok … hold my bottle of Jäegermeister
No lol, the don’t pay the advertised price. Programs now trying to use anything they can to minimize impact, or call it out of scope so they can not pay you or shrink the payout. Best to keep the research to yourself at this point
Amazon all day, my guess is something to do with those gimmicky buttons that order things for you, they seem like a liability.
I'd guess it's specifically AWS
Bro just made an iPhone security commercial without knowing 🖌
That's not true the Israelis government can take over iPhones
The beekeeper gave him a visit 😂
Its worth a lot more than a million to not share the vulnerabilities, and he knows it.
Respect 🏆
Dude must really like using AWS!
Hackers were paying more than 2 M for iOS zero click exploits a few years ago. I'll imagine it's now more. (btw the value was slightly larger for Android)
Sounds like something GameStop would do.
I remember when trade me first started they had a problem with orders & payments you could just order as many things as you wanted & collect it all for free without payment. The company was liable so paid out all of the transactions from the distributers that didn't get their money for the items. Which wasn't a lot because regular civilians didn't know there was an exploit.
thank you for sharing that.
His $128,000 credit might be PayPal, but wouldn't the "credit" just be considered cash since he could move it to a bank?
Must be Amazon. Explains the amount which the company could've afforded and also why would he be willing to accept it....
he definitely found something on the new phones
Hahahaha facts
Shawn Please ask this guy about the dominion election computers.
100%
That's a big Amazon gift card
This is common sense beginning of tech. My brother was trained by airforce on original 90s net. Then worked for cell companies. Said he'd try getting into places he wasn't allowed on random sites or servers. Then anonymous dropped tips on how he "thought they" did it. Never got paid. He never reported flaws to nextel or sprint though because they paid him for installation of software an maintenance not protection from exploits. Had they only gave bonuses to get pll to report the flaws. After all "you pay me to maintain your system not test an write code."
Amazon no doubt. I can’t imagine taking credit on anything else
Protect this man at all costs!
Humble, high integrity by nature and all in for the greater good.
@@JetofOZ-vs5rr well, he's pretty clear about the fact he's making money using his skills.
Imagine having that talent, see that you can do great things with it AND a decent income... And then go: 'MEH... Not gonna use this to provide for myself and others, and do some good".
If I did find it I would be sure to report it to Apple, and won't sell it to the governmenta around the world who will pay me Millions more. 😂😂
Bro said “no” like a little kid who’s asked if he got in the cookie jar
RIP to the hackers that came up front admitting they have created a no click bug into any apple phone!
Apple would probably pay them then offer them a job. Hackers are usually extremely well connected, Apple doesn’t benefit at all if word got out they don’t actually pay.
Especially since 1mill is NOTHING compared to the PR storm + loss of sales + class action lawsuit that could come from a major exploit going public. That could genuinely cost them Billions.
I love this shit Ryan I love the diversity you’re bringing onto your platform. My favorite channel to watch these days. Keep smashing player
The shorts or gold I don’t know how they work on your end, but every time I open UA-cam I’ve got more shorts on your channel
Nice job Apple - respect!
I believe if he hasn’t found a way then it just isn’t possible.
Yeah, their privacy record is something even the most Apple hating individuals don't tend to deny.
Amazon, Costco, Walmart... Could be loads of places
Who else thinks the $128,000 reward he won was for a cryto exchange where he was paid in crypto?
That would have been the best play.
no chance cryptos pay $1.2 million easily not 128k cause you can outrightly steal their whole shit.
maybe. Bug bounties are common in crypto. Still doesn't make sense why they offered to pay him cash, usually just crypto is the award.
Laughs nervously. You know he does that for free.
That's an NDA answer RIGHT THERE! 😂😂😂
There used to be a cool way to get around samsung phones being locked by owner google acc. You cant get rid of it using factory reset but you could download something to remove the lock using internet.
Normally you cant use the internet on the phone because its locked by google account but you could use next to speach disablity settings to get their privacy policy. They dont keep it on the device so it opens up in chrome, then you use that to download this thing but i forgot what it was called.
Who is this young man ?
He's slick.
Ryan M. Montgomery olso known as 0day, he's first on tryhackme leaderboards
@@filippodeluca9464 what’s tryhackme leaderboards? I’m so behind on these things.
My guess is 128k in credit on a CSP. Prob found a bug on GCP or AWS or something. Can't think of any platform where six figures in credit would be useful
Amazon
Gambling website
Comment section:
50% Amazon.
50% Steam.
Place your bets gentlemen.
He did😏watch the eye contact. Every answer that he looks left and smirks, that’s a definite yes
That is a damn good idea. Give the white hats a reason to really test your security. If you can stymie them you are probably good against the bad guys.
yes, but the vast majority of these hackers never get paid. its feast or famine in bug bounties, pretty much.
A zero click exploit to access an iPhone would easily be worth billions and an absolute PR disaster for apple. Government orgs around the world would pay big money for that.
Companies take advantage. Even big companies. Steam paid out a bug hunter 17k for a bug he found where he could reload his steam wallet with unlimited cash untraceable . Bug hunters were furious n thought he should have been paid at least 170k. Steam has a bad reputation now with the hacking community . Big corporations all around the world are fucking the good guys over because there are no proper regulations in place. It's easier to be the bad guy....
In the new iPhones hahaha that means homie was busting the old ones back in the day. Glad there’s incentives to keep these intelligent people working for the good side. Dude could do a lot of damage
who exactly are the good side ? im not sure anymore
Bro got 5 million vbucks collecting dust
Taking it in credit is smart, you would be set for life with that platform.
AI vulnerabilities are going to be crazy. You can patch software but if an AI is buggy companies just train it on a new dataset. Kernel techniques work for identifying adversarial attacks but it's not going to be effective enough.
My boi chose loyalty points over cash. What a trooper.
i was 100% thinking amazon aswell
Bro got the Purple Party Hat on credit
Sounds like Amazon did him a favor
The people like this man that looks the lease harmless are the ones you should fear.
Why
This man hacks pedophiles on the dark web and gets them arrested...I'd say he's a pretty decent human being....have you watched his 2.5 hrs interview on this channel? If you haven't I highly suggest you do, he's saving children by what he's doing
I GOTTA SEE THIS!
My friends dad claims he made most of his money as a whiteknight hacker. He said he spent most of the early 80s and then 90s working with banks hacking their websites since back then security was very lacking
It was amazon
It was Trojan, he took the credit because the ladies just can’t resist him
I feel like he found an Apple vulnerability but part of the $1m deal was to say he never found a vulnerability on an iPhone
Cause they want people to think IOS vulnerabilities don't exist? They get published all of the time, lol
My best guess is a car company. I know they use a lot of hackers to prevent bugs, especially with everything moving towards digital. 128k would get you a lifetime supply of cars or some very very nice ones. Makes the most sense to me…
Carvanna? Lol I was thinking maybe eBay or amazon
That’d be sweet
You must be talking lease prices because 128 grand can't even buy you 2 trucks nowadays.
@@MikeWhite-zs2st could buy you like 5 Hondas and those things last for 20 years lol
They pay you $1 000 000 and then execute their entire engineering squad
Who will implement the fix ?
College undergrad
i hate those zero click things, everyone used to think they were so funny sending you “effective power”
That why I studied cybersecurity 😂
Bet it was paypal
He definitely did find zero-click Apple exploits but he knows damn well, nation state actors pay alot more then a million for those 😂😂😂
Finding any zero-click exploit of significance is like a one-in-a-million thing, so no. Most software never even has any discovered in their entire history.
no he didn't. He's not Neo.
@@MsHojat its called a joke nerd, look it up.