Apple offers hackers free iPhones to hunt down iOS security bugs

Apple will now provide leading researchers with modified iPhone devices to help them spot iOS vulnerabilities.

The Apple Security Research Device Program, which begins effective immediately, is designed to improve the efficiency of white hat hackers by offering facilities that speed up the interrogation process.

The special devices offer unique security privileges, including loosened code execution and containment policies, which afford researchers shell access and the ability to run any tool of their choosing. In effect, the iPhones are pre-jailbroken, removing friction associated with analysis and handing researchers unfettered access to iOS.

Otherwise, the devices behave as any other iPhone would, in order to best replicate real-life security scenarios.

“As part of Apple’s commitment to security, this program is designed to help improve security for all iOS users, bring more researchers to iPhone and improve efficiency for those who already work on iOS security,” the company explained in a blog post.

iOS security

To qualify for the new scheme, security researchers must be existing members of the Apple Developer Program, have a proven track record of weeding out vulnerabilities in Apple products and reside in one of the 23 eligible nations.

According to the blog post, device availability will also be limited at first and therefore not all qualified applicants will receive a modified phone. These candidates will be funneled automatically into the second application round, set to take place in 2021.

Successful candidates will receive a Security Research Device (SRD) on a 12-month renewable basis, on a few conditions. Apple stipulates that the phones must not be used as personal devices, nor removed from the premises used to conduct research. Access to the modified device must also be limited to the approved individual.

Researchers who use an SRD to identify a vulnerability will be considered for financial reward via the existing Apple Security Bounty program, with a maximum payout of $1 million.