Security researchers now eligible for bug-hunting iPhones

Apple also reveals tenfold increase to its bug-bounty rewards

iPhone X with notch

Apple has revealed it will distribute bespoke iPhones to select security researchers designed to help make it easier for them to find bugs and vulnerabilities.

The special devices will come with a root shell which allows researchers to access a deeper depth of the iPhone, previously made inaccessible, and run commands with the highest possible privileges to scan for issues, the company revealed at Black Hat.

"We want to attract some of the exceptional researchers who have thus far been focusing their time on other platforms. Today many of them tell us they look at our platform and they want to do research but the bar is just too high," said Ivan Krsti, head of security engineering and architecture at Apple, as reported by Wired.

The phone will also come with advanced debug capabilities and secure shell (SSH) to make it easier for bug hunters to search the phone for flaws. The phones will only be given to researchers with a stellar research track record on any platform, not just Apple's, and they'll start rolling out next year.

Alongside the announcement, Apple also said its bug bounty program will be expanded in terms of both the bugs it will pay out for, and how much you can get for successfully finding a flaw.

The maximum potential reward is now set at $1 million, up from $100,000, and will now cover bugs found across iOS, macOS, tvOS, watchOS and iCloud, rather than just iOS.

Researchers can earn an additional 50% bonus on top of their original reward if they discover a bug while the code is still in beta, for a potential total payout of $1.5 million.

"The second-best reason to have a bug bounty is to find out about a vulnerability that's already in the users' hands and fix it quickly," said Krsti. "The number one best reason is to find a vulnerability before it ever hits a customer's hands."

The announcements will surely come as welcome news to researchers who, in the past, have been open about withholding discovered vulnerabilities from Apple, specifically with macOS, until they open a more comprehensive bug bounty programme.

Apple's iPhones have been the subject of a few security incidents this year. In January, an individual discovered a bug in Apple's FaceTime feature which would allow anyone to gain access to a user's camera.

Most recently, Google disclosed a slew of vulnerabilities in iMessage which allowed an attacker to execute code on a device by sending a malformed message.

Featured Resources

How to be an MSP: Seven steps to success

Building your business from the ground up

Download now

The smart buyer’s guide to flash

Find out whether flash storage is right for your business

Download now

How MSPs build outperforming sales teams

The definitive guide to sales

Download now

The business guide to ransomware

Everything you need to know to keep your company afloat

Download now

Recommended

New report highlights the need for diversity in cyber security recruitment
cyber security

New report highlights the need for diversity in cyber security recruitment

28 Apr 2021
Cyber attacks on manufacturing up 300% in a year
Security

Cyber attacks on manufacturing up 300% in a year

11 May 2021
US fuel pipeline hackers reveal their motive
ransomware

US fuel pipeline hackers reveal their motive

11 May 2021
Trend Micro and Snyk team up to combat open source flaws
vulnerability

Trend Micro and Snyk team up to combat open source flaws

10 May 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

30 Apr 2021