James Delahunty
22 Jul 2020 21:03
Apple is to loan unrestricted iPhones to security researchers to help them discover vulnerabilities that threaten their security.
Apple pays out bounties of up to $1 million to researchers who find bugs in their products' that could potentially be used for nefarious purposes. It has started to loan Security Research Devices (SRD) to researchers with a record of finding such vulnerabilities.
These SRD iPhones are not restricted in the way off-the-shelf iPhones are. They will provide full root shell access to the researchers and allow them to run their own commands and so forth. This can't typically be done on an iPhone. Some devices that are jailbroken can be probed in this way but jailbreaks are rarer with newer iOS devices.
To apply to receive one of these devices, a researcher must be an account holder in the Apple Developer program, have a track record of finding security bugs, and also reside in a region Apple is comfortable with.
Any bugs found in Apple's code must be reported to Apple as soon as possible, and problems with third-party software are to be reported to the appropriate vendor. Researchers who have an SRD iPhone cannot use it for personal reasons, and it must remain on the premises of the researcher.