The 14-year-old kid who accidentally discovered the recent FaceTime eavesdropping bug has been told by Apple that he will be eligible for the company’s bug bounty program.
Apple set up its bug bounty program in 2016, offering rewards of up to $200,000 for security researchers who find vulnerabilities on the company’s software platforms. It’s not clear how much Grant Thompson can expect to claim from Apple — although it will reportedly go toward his college tuition savings.
Thompson shared the news in an interview on CNBC‘s “Squawkbox.”
“I was just trying to call my friend, Nathan, to see if he wanted to play Fortnite,” he said, describing how he discovered the bug. “He didn’t answer right away, so I just swiped up and added my friend Diego, which forced Nathan to instantly join the call. We could both hear each other without him ever having to click the accept button.”
Thompson said that his friends tested the bug for around 30 minutes, before Thompson told his mom about it. She then tried contacting Apple for 10 days — reaching out via Apple’s online feedback forms, through Facebook, Twitter, faxing, phoning, and registering as a developer to send in a bug report.
For whatever reason, Apple failed to respond until the story was picked up by the media.
How Apple responded to this teen found the iPhone FaceTime bug from CNBC.
Improving how bugs are reported
Apple has since apologized for this and said that a bug fix is on the way, and that it aims to improve the ease with which members of the public can report similar vulnerabilities. It also taken the Group FaceTime servers offline so that the bug cannot be abused.
Thompson’s mom told CNBC, that:
“I was contacted late Thursday evening by a higher level executive at Apple. He asked if he could meet with me the following day, so he flew in. He met with Grant and I in my office, and he thanked us in person and asked for our feedback.”
The executive (whose name hasn’t been shared, but is a software engineering manager at Apple) then said that Grant is eligible for Apple’s bug bounty program. While the family has yet to hear what this will entail, Apple has said that it will follow up with details.
As for Thompson? “I’m still going to continue to use Apple,” he told CNBC. “This was just a one-time-thing. Every now and then, something like this slips through the cracks and can be found. But in general I think Apple tries to keep our privacy safe, and I respect that.”
Source: CNBC
