Apple may soon open and expand its security programs, with the Cupertino-based company reportedly set to hand over unique iPhone models to security researchers and start a Mac bug bounty program.
According to a report from Forbes, Apple plans to unveil the new initiatives at the Black Hat security conference this week.
On the iPhone side, Apple will reportedly give security researchers participating in its invite-only bug bounty program special iPhones. These iPhones will reportedly be like “dev devices” that could allow researchers to probe pieces of Apple’s iOS that aren’t easily accessible on a regular iPhone.
Further, these unique devices could allow researchers to stop the processor and inspect memory for vulnerabilities.
However, these devices won’t be as unlocked as those given to internal Apple developers and security teams. Forbes says that researchers likely won’t be able to unlock and decrypt the iPhones’ firmware.
Forbes also reports that the move could help reduce the number of leaked developer devices, which are often sold on the black market. These devices are popular with hackers because they make it easier to infiltrate and study secure iPhone components that are typically locked down on retail devices.
As for the Mac bug bounty program, the report suggests it will operate like the iOS bug bounty. It will reward security researchers for vulnerabilities they discover in macOS.
The lack of a bug bounty program for Mac hasn’t made a lot of sense, and in the past it has led to researchers refusing to hand over details about vulnerabilities. For example, in March, German teenager Linus Henze discovered a vulnerability in Keychain that could allow someone to gain access to stored passwords on a Mac.
Henze initially refused to provide details to Apple because of the lack of a bounty program. Ultimately, he gave the information over for free.
Very excited to return to the Black Hat stage this year to talk about some world-class Apple security features! iOS code integrity and Pointer Authentication Codes, Mac secure boot with the T2 Security Chip, the crypto behind the Find My feature, and more: https://t.co/ftnHs3iBO5 https://t.co/SzkzTt354z
— Ivan Krstić (@radian) June 26, 2019
Apple’s head of security and engineering, Ivan Krstić, will take the stage at Black Hat to talk about Apple security features. We’ll likely learn more from Krstić’s presentation.