Weekly Podcast: Bug bounty programmes and vulnerable Volkswagen

In this week’s podcast, we look at Apple’s bug bounty programme, two vulnerabilities in cars and a 19-year-old’s recent bug bounty success.

Hello and welcome to the IT Governance podcast for Friday 12 August. Here are this week’s stories.

Bug bounty programmes, which reward hackers for finding vulnerabilities in websites or products, are becoming more and more popular.

Just last week, Apple announced its first ever bug bounty programme, offering up to $200,000. However, exploit brokerage firm, Exodus Intelligence, has a much better offer.

Anyone that sells a zero-day exploit for iOS to Exodus will receive $500,000. $300,000 more than Apple’s offer.

Why is Exodus offering more you ask? Well, zero-days are extremely valuable on the dark net – especially those that affect popular systems such as iOS. Our advice, if you were to stumble across an iOS zero-day, would be to hand it over to Apple.

A flaw in cars made by Volkswagen Group manufacturers since 1995 (roughly 100 million), is leaving the vehicles vulnerable to a wireless hack.

Wired reports: “Later this week at the Usenix security conference in Austin, a team of researchers from the University of Birmingham and the German engineering firm Kasper & Oswald plan to reveal two distinct vulnerabilities they say affect the keyless entry systems of an estimated nearly 100 million cars. One of the attacks would allow resourceful thieves to wirelessly unlock practically every vehicle the Volkswagen group has sold for the last two decades, including makes like Audi and Škoda. The second attack affects millions more vehicles, including Alfa Romeo, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot.”

More information on these two hacks is available on the IT Governance Blog.

Back to bug bounty programmes. 19-year-old vulnerability researcher, Olivier Beg, has been rewarded one million air miles by United Airlines after finding more than 20 holes in the company’s software.

One of the vulnerabilities Olivier uncovered earned him a massive 250,000 air miles alone.

Olivier has previously found vulnerabilities in software developed by other companies, including Yahoo, Google and Facebook.

Well, that’s it for this week. Don’t forget to comment below, telling us a bit about yourself and what you’d like more information on. And, until next time, remember that you can keep up to date with the latest information security news on our blog.

Whatever your cyber security needs – whether regulatory compliance, stakeholder reassurance or just greater business efficiency – IT Governance can help your organisation to protect, comply and thrive. Visit our website for more information: itgovernance.co.uk.