Apple sending out special, more open iPhones to security researchers

The special iPhones should make it easier for researchers to probe iOS for flaws and fix vulnerabilities


Apple’s recently announced ‘Apple Security Research Device Program’ is now sending special research iPhones to security researchers.

Back in July, Apple announced the program, which will provide special iPhones equipped with unique code execution and containment policies. These devices will help security researchers hunting for vulnerabilities in the software and hardware. The iPhones are less locked down than the devices sold to consumers but are as close as possible to production phones. Further, the special devices won’t require researchers to jailbreak them to do research.

The program comes after several vulnerabilities were found in iOS last year, including iMessage security issues that didn’t require interaction from users and five exploits that had been used by malicious websites for years. Apple also launched a bug bounty program late last year that could pay out up to $2 million to researchers who find bugs in iOS, iPadOS, macOS, tvOS or watchOS.

Apple began adopting these systems to help catch and fix vulnerabilities more quickly. Ideally, these programs could prevent vulnerabilities from being used in the wild, or reduce the amount of time they’re effective. A core piece of security research involves open access to hardware and software, which is why Apple’s Security Research Device Program should be a boon to security researchers. To compare, much of the underlying software in Android is open source and accessible by researchers. This allows security teams to more easily probe the software for flaws and vulnerabilities compared to iOS on an iPhone.

MacRumors reports that Apple began notifying the first researchers set to receive special iPhones through the research program on December 22nd. Further, those special iPhones will be sent out right away. The program’s terms allow participating researchers to keep the devices on loan for one year, although it’s possible to extend that period.

Apple will also provide extensive documentation and a dedicated forum with Apple engineers for researchers to collaborate with. The program runs alongside the bug bounty program.

You can learn more about the Apple Security Research Device Program here.

Source: MacRumors