APPLE IS PLANNING to equip security researchers with dev-friendly iPhones to help them better sniff out security flaws in iOS.
Apple's head of security, Ivan Krstic, unveiled the iOS Security Research Device program at the Black Hat cybersecurity conference in Las Vegas this week. From next year, it'll be open to those signed up to Apple's no-longer-invite-only bug bounty program, though only those who have a decent track record of high-quality research will be given one of the hacker-friendly devices.
"Apple giving out pre-jailbroken research iPhones to security researchers starting next year, and will pay up to $1M for zero click remote chain with persistence 📱" - Billy Ellis @ Blackhat/Defcon (@bellis1000), August 8, 2019
"This is an unprecedented fully Apple supported iOS security research platform," Krstic, clearly a man of few words, said.
As per The Verge, the handsets will come with ssh, a root shell, and advanced debug capabilities, all designed to make it easier for security researchers to uncover bugs before hackers do.
Researchers will now receive a bigger payout for sniffing out these bugs, too. Apple announced on Thursday that it's now offering up to $1m for a vulnerability that's persistent, could get kernel code execution, and doesn't require victims to click on anything; previously, the biggest bounty on offer was $200,000.
The firm's bug bounty program - which has been expanded to cover macOS, iPadOS, tvOS and watchOS - will also cough up $500,000 for a flaw that provides zero-click access to high-value user data over a network without user interaction and $250,000 for a CPU side-channel attack via a user-installed app.
Apple also said that any researcher who finds a vulnerability in pre-release builds and reports it before general release will qualify for a bonus of up to 50 per cent on top of the bug bounty payout.
"We want to attract exceptional researchers who have been focused on other platforms," Krstic said. Jeez, calm down already.