Security researchers now eligible for bug-hunting iPhones

Apple also reveals tenfold increase to its bug-bounty rewards

iPhone X with notch

Apple has revealed it will distribute bespoke iPhones to select security researchers designed to help make it easier for them to find bugs and vulnerabilities.

The special devices will come with a root shell which allows researchers to access a deeper depth of the iPhone, previously made inaccessible, and run commands with the highest possible privileges to scan for issues, the company revealed at Black Hat.

Advertisement - Article continues below

"We want to attract some of the exceptional researchers who have thus far been focusing their time on other platforms. Today many of them tell us they look at our platform and they want to do research but the bar is just too high," said Ivan Krsti, head of security engineering and architecture at Apple, as reported by Wired.

The phone will also come with advanced debug capabilities and secure shell (SSH) to make it easier for bug hunters to search the phone for flaws. The phones will only be given to researchers with a stellar research track record on any platform, not just Apple's, and they'll start rolling out next year.

Alongside the announcement, Apple also said its bug bounty program will be expanded in terms of both the bugs it will pay out for, and how much you can get for successfully finding a flaw.

Advertisement - Article continues below

The maximum potential reward is now set at $1 million, up from $100,000, and will now cover bugs found across iOS, macOS, tvOS, watchOS and iCloud, rather than just iOS.

Advertisement - Article continues below

Researchers can earn an additional 50% bonus on top of their original reward if they discover a bug while the code is still in beta, for a potential total payout of $1.5 million.

"The second-best reason to have a bug bounty is to find out about a vulnerability that's already in the users' hands and fix it quickly," said Krsti. "The number one best reason is to find a vulnerability before it ever hits a customer's hands."

The announcements will surely come as welcome news to researchers who, in the past, have been open about withholding discovered vulnerabilities from Apple, specifically with macOS, until they open a more comprehensive bug bounty programme.

Apple's iPhones have been the subject of a few security incidents this year. In January, an individual discovered a bug in Apple's FaceTime feature which would allow anyone to gain access to a user's camera.

Most recently, Google disclosed a slew of vulnerabilities in iMessage which allowed an attacker to execute code on a device by sending a malformed message.



cyber security

Report: 16.5 million Britons fell victim to cyber crime in the past year

1 Apr 2020
Amazon Web Services (AWS)

AWS launches Amazon Detective for investigating security incidents

1 Apr 2020

UK government to launch coronavirus 'contact tracking' app

1 Apr 2020
video conferencing

Zoom admits meetings don't use end-to-end encryption

1 Apr 2020

Most Popular


Google releases location data to show effectiveness of coronavirus lockdowns

3 Apr 2020
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020

These are the companies offering free software during the coronavirus crisis

2 Apr 2020