Security researchers now eligible for bug-hunting iPhones

Apple also reveals tenfold increase to its bug-bounty rewards

iPhone X with notch

Apple has revealed it will distribute bespoke iPhones to select security researchers designed to help make it easier for them to find bugs and vulnerabilities.

The special devices will come with a root shell which allows researchers to access a deeper depth of the iPhone, previously made inaccessible, and run commands with the highest possible privileges to scan for issues, the company revealed at Black Hat.

"We want to attract some of the exceptional researchers who have thus far been focusing their time on other platforms. Today many of them tell us they look at our platform and they want to do research but the bar is just too high," said Ivan Krsti, head of security engineering and architecture at Apple, as reported by Wired.

The phone will also come with advanced debug capabilities and secure shell (SSH) to make it easier for bug hunters to search the phone for flaws. The phones will only be given to researchers with a stellar research track record on any platform, not just Apple's, and they'll start rolling out next year.

Alongside the announcement, Apple also said its bug bounty program will be expanded in terms of both the bugs it will pay out for, and how much you can get for successfully finding a flaw.

The maximum potential reward is now set at $1 million, up from $100,000, and will now cover bugs found across iOS, macOS, tvOS, watchOS and iCloud, rather than just iOS.

Researchers can earn an additional 50% bonus on top of their original reward if they discover a bug while the code is still in beta, for a potential total payout of $1.5 million.

"The second-best reason to have a bug bounty is to find out about a vulnerability that's already in the users' hands and fix it quickly," said Krsti. "The number one best reason is to find a vulnerability before it ever hits a customer's hands."

The announcements will surely come as welcome news to researchers who, in the past, have been open about withholding discovered vulnerabilities from Apple, specifically with macOS, until they open a more comprehensive bug bounty programme.

Apple's iPhones have been the subject of a few security incidents this year. In January, an individual discovered a bug in Apple's FaceTime feature which would allow anyone to gain access to a user's camera.

Most recently, Google disclosed a slew of vulnerabilities in iMessage which allowed an attacker to execute code on a device by sending a malformed message.

Featured Resources

How to scale your organisation in the cloud

How to overcome common scaling challenges and choose the right scalable cloud service

Download now

The people factor: A critical ingredient for intelligent communications

How to improve communication within your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Recommended

IT security awareness and training firm KnowBe4 acquires MediaPRO
Acquisition

IT security awareness and training firm KnowBe4 acquires MediaPRO

3 Mar 2021
High-risk email security threats increased by 32% last year
phishing

High-risk email security threats increased by 32% last year

3 Mar 2021
The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

3 Mar 2021
Microsoft Exchange targeted by China-linked hackers
zero-day exploit

Microsoft Exchange targeted by China-linked hackers

3 Mar 2021

Most Popular

How to build a CMS with React and Google Sheets
content management system (CMS)

How to build a CMS with React and Google Sheets

24 Feb 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021
How to connect one, two or more monitors to your laptop
Laptops

How to connect one, two or more monitors to your laptop

25 Feb 2021