Security researchers now eligible for bug-hunting iPhones

Apple also reveals tenfold increase to its bug-bounty rewards

iPhone X with notch

Apple has revealed it will distribute bespoke iPhones to select security researchers designed to help make it easier for them to find bugs and vulnerabilities.

The special devices will come with a root shell which allows researchers to access a deeper depth of the iPhone, previously made inaccessible, and run commands with the highest possible privileges to scan for issues, the company revealed at Black Hat.

Advertisement - Article continues below

"We want to attract some of the exceptional researchers who have thus far been focusing their time on other platforms. Today many of them tell us they look at our platform and they want to do research but the bar is just too high," said Ivan Krsti, head of security engineering and architecture at Apple, as reported by Wired.

The phone will also come with advanced debug capabilities and secure shell (SSH) to make it easier for bug hunters to search the phone for flaws. The phones will only be given to researchers with a stellar research track record on any platform, not just Apple's, and they'll start rolling out next year.

Alongside the announcement, Apple also said its bug bounty program will be expanded in terms of both the bugs it will pay out for, and how much you can get for successfully finding a flaw.

Advertisement - Article continues below

The maximum potential reward is now set at $1 million, up from $100,000, and will now cover bugs found across iOS, macOS, tvOS, watchOS and iCloud, rather than just iOS.

Advertisement - Article continues below

Researchers can earn an additional 50% bonus on top of their original reward if they discover a bug while the code is still in beta, for a potential total payout of $1.5 million.

"The second-best reason to have a bug bounty is to find out about a vulnerability that's already in the users' hands and fix it quickly," said Krsti. "The number one best reason is to find a vulnerability before it ever hits a customer's hands."

The announcements will surely come as welcome news to researchers who, in the past, have been open about withholding discovered vulnerabilities from Apple, specifically with macOS, until they open a more comprehensive bug bounty programme.

Apple's iPhones have been the subject of a few security incidents this year. In January, an individual discovered a bug in Apple's FaceTime feature which would allow anyone to gain access to a user's camera.

Most recently, Google disclosed a slew of vulnerabilities in iMessage which allowed an attacker to execute code on a device by sending a malformed message.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now



University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular

Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020

How to find RAM speed, size and type

24 Jun 2020

The road to recovery

30 Jun 2020