Apple Starts Issuing Special iPhones To Bug Bounty Hunters To Help Identify And Report Issues
Apple has announced that it has now started to seed security researchers with special versions of the iPhone that make it easier for them to find and then report flaws. Apple first announced that it would do this at the Black Hat conference in August of last year.
The fact it’s taken almost a year to get these iPhones out the door is interesting, but better late than never, right? Apple says that the new iPhones will be essentially jailbroken with SSH access made available. That’s something researchers have been crying out for in particular.
The Security Research Device (SRD) is intended for use in a controlled setting for security research only. Shell access is available, and you’ll be able to run any tools and choose your entitlements. Otherwise, the SRD behaves as closely to a standard iPhone as possible in order to be a representative research target.
However, Apple won’t be making these special iPhones – part of the new Apple Security Research Device Program – available to anyone who asks for one. Instead, Apple will be choosing the people that will get in on the program. You can apply, but if you don’t get onto the list you’ll have to wait a year.
Participation in the Security Research Device Program is subject to review of your application. Device availability is limited. Devices will not be available for all qualified applicants in the initial application period. Qualified applicants who do not receive a device during this period will automatically be considered during the next application period in 2021.
Apple has long been accused of harming its own device security by making it more difficult for security researchers to help find problems with its devices. Apple’s stance started to soften with the arrival of a new bug bounty program however, and this availability of special iPhones is the next step in that process.
You can head over to Apple’s webpage here to signup for the program and get started.