The iPhones have been designed to offer security researchers greater access to run computer code on iOS, which should make it easier to find bugs in the software.
Apple will supply hacker-friendly iPhones to security researchers with a track record of uncovering vulnerabilities in Apple software as part of its newly announced Apple Security Research Device Program.
Experts will use the phones to search for serious bugs in iOS. Qualifying researchers can apply here to receive one.
The new devices are designed to address a double-edged sword when it comes to iPhone security. Apple has strict control over iOS and how apps can be installed, which can prevent malware from infiltrating its software ecosystem. However, the same closed-off ecosystem can make it hard for security researchers to analyze iOS for vulnerabilities.
Those same vulnerabilities can be hugely valuable to state-sponsored cyberspies. Some companies that sell hacking tools to governments will even pay up to $2.5 million to own details about the most serious iOS security flaws.
In response, Apple last year announced it would eventually begin offering the best security researchers in the world access to hacker-friendly iPhones. These devices come with shell access, enabling the owner to execute any computer code they’d like. The code can also be run with varying degrees of security permissions.
within 90 days, otherwise they’ll release details about the threat to warn the public.
“It looks like we won’t be able to use the Apple ‘Security Research Device’ due to the vulnerability disclosure restrictions, which seem specifically designed to exclude Project Zero and other researchers who use a 90 day policy,” tweeted Ben Hawkes, who heads up the Google-sponsored group.
Project Zero will continue examining Apple’s software platform for security vulnerabilities. Even without the hacker-friendly iPhones, the group has uncovered numerous flaws in the company’s software, Hawkes said. “I think we first asked Apple for a security research test device in 2014 or early 2015. And since then we’ve reported over 350 security vulnerabilities to Apple,” he added.
According to TechCrunch, security researchers who find bugs using the devices will be able to receive rewards via Apple’s bug bounty program. Depending on the vulnerability’s severity, a researcher can earn up to $1 million.
For now, Apple’s Security Research Device Program will only be available to researchers in 23 countries including the US. China and Russia are both absent from the list.