For all we’ve made fun of Apple’s walled garden here, every once in a while, the company opens up just a bit. Case in point: today the company revealed it would be producing a limited amount of iOS ‘Security Research Devices.’ These appear to basically be iPhones with far deeper access than available to everyday users, including access to ssh, root shell, and ‘advanced debug capabilities.’ A jailbroken iPhone without having to do any jailbreaking.
Apple giving out pre-jailbroken research iPhones to security researchers starting next year, and will pay up to $1M for zero click remote chain with persistence ? pic.twitter.com/uiJNhb8AD8
— Billy Ellis @ Blackhat/Defcon (@bellis1000) August 8, 2019
The company made the announcement at the Black Hat conference today, an update to the bug bounty program it launched three years ago. The deeper access should make researchers’ lives a lot easier, able to access deeper iOS functions without waiting for a jailbreak to be available for every update. Even though researchers won’t have quite the same level of access as Apple itself, it’s a huge step in the right direction – one that should make it easier to catch an increasing number of attacks on Apple’s software.
iOS security research device program! pic.twitter.com/4NsKH1DMGd
— Jesse D'Aguanno (@0x30n) August 8, 2019
Keep in mind these devices won’t just be available to any aspiring white hat hacker – you’ll have to have a bit of a rep already. Apple says the program is “open to everyone with a track record of high-quality systems security research on any platform.” It’s a fair compromise; it means Apple lets security researchers do their jobs with deeper access while keeping everyday users safe.
The new devices will be available in 2020.
Via The Verge