Apple announces developer iPhones with root access for security research

Share

The program was exclusively for iOS devices, which is something that has been criticized by security specialist and technology analysts, who argued Apple should expand the program.

At the time of launch, there were five different categories of risk and reward. The bug bounty programme will also be open to all researchers, not just those who were invited by the company.

As detailed by The Art of fix on YouTube and further expanded on by iFixit, attempting to replace the battery in newer iPhone models will often trigger a "Service" alert in the phone's Battery Health menu.

In this program, Apple will be supplying special iPhones to security researchers to help them find security flaws in iOS.

In addition to expanding the bug bounty program to all of its operating systems and iCloud, Apple will be increasing the maximum size of the payouts, from $200,000 per exploit to $1 million depending on the nature of the security flaw. The exclusive handsets will come with ssh, a root shell, and advanced debug capabilities.

Any individual or organisation interested in receiving the $1m bounty will have to demonstrate that they can gain complete control of a phone, simply by knowing a target's phone number, without any user interaction at all.

Prince Harry just shared the sweetest post about Meghan on her birthday
The birthday is Meghan's first as a mother, after she welcomed the couple's first child, son Archie , back in May. Harry reportedly whisked Meghan away for a romantic break in Africa to mark her 36th birthday, flying to Botswana.

This, called the iOS Security Research Device, will be application-only when it launches sometime next year.

Additionally, the tech giant also staked a 50 percent bonus for hackers who find vulnerabilities in its software before release.

This announcement or offer that is disclosed in Annual Summit of the Black Hat Securities. In the Art of Repair's video on the issue, after swapping a genuine Apple battery for a third party battery in an iPhone XS, the phone displayed a "service" message followed by an "Important Battery Message" stating that the phone is "unable to verify this iPhone has a genuine Apple battery". Justin notes the culprit behind the move is a Texas Instruments microcontroller that also has an authentication feature. iFixit was able to replicate the problem on an iPhone XS running both on iOS 12 and iOS 13.

Apple's decision to offer a $1m bug bounty has been criticized as potentially creating collusion opportunities and perverse incentives.

Apple has enabled a feature on its new iPhones that blocks users from accessing their battery health information if the battery was replaced by a third party.

Share