Apple is inviting security researchers to apply to receive modified, aka jailbroken, iPhones to help them hunt for flaws in iOS
Apple is making good on its promise to allow security researchers to probe the iPhone for security vulnerabilities. The Cupertino giant has asked security researchers to apply for the modified iPhones. The company said it will provide modified iPhones specifically designed to allow hackers to search for flaws in the device’s iOS mobile operating system.
Apple announced the new Apple Security Research Device Program, designed “to help improve security for all iOS users,” to get more security researchers to study iOS vulnerabilities. The program will provide a specially modified iPhone — a Security Research Device — that will give trusted hackers and security researchers unprecedented access to the inner workings of the device.
The modified iPhones to be provided by Apple are nothing but jailbroken iPhones that will allow the security researchers to escape the sandbox and obtain superuser access to iOS. The modified iPhone will also have various iOS protections disabled. It will also give the security researchers read/write access to the system partition and will have signature verification disabled. This will allow the researchers to test unsecured iOS apps as well as study the effect of third-party app stores like Cydia on the iPhone.
At last year’s Black Hat security conference, Ivan Krstic, head of Apple’s Security Engineering and Architecture, announced that the company would provide select security researchers with a special version of the iPhone in order to search for vulnerabilities. But Apple never did that. In the meantime, security researchers have found serious flaws in iOS, like the native Email App flaw, which made millions of iPhones vulnerable to hackers. Researchers had warned Apple that the lack of transparency regarding the inner workings of the iPhone made it much more difficult for security experts to address flaws once they have been discovered.
The new Apple Security Research Device Program has a few tough conditions. Security researchers have to apply for the program, and Apple will release only a limited number of devices to a few selected applicants. In order to be considered for the program, the security researchers have to sign an NDA and must notify Apple first of any security issues discovered on iPhone iOS. They also have to agree in writing to make disclosure only if Apple allows it.