Apple launches new program to lend special iPhones for security research

Shell access is available.

Engadget JP (Translation), @Engadget_MT
July 24, 2020, 4:22 PM in egmt

This article is based on an article from the Japanese edition of Engadget and was created using the translation tool Deepl.

On April 22, Apple announced the Apple Security Research Device Program, which will lend specially designed SRD (Security Research Device) iPhones to iOS security researchers.

The company had announced last August that it would distribute iPhones with "pre-set special permissions for anti-hacking" to security professionals, and now it's finally going to happen.

The SRD is less restrictive than the retail version of the iPhone, making it easier to find serious security vulnerabilities. According to Apple, the device offers shell access and a choice of privileges (perhaps ordinary user privileges or root privileges that control the whole system), but otherwise behaves like a standard iPhone.

The device will be provided to researchers on a 12-month renewable basis, but remains the property of Apple. It may not be used as a personal device or carried around daily, no one other than those authorized by the company may access it, and any bugs found must be reported "promptly" to Apple or an appropriate third party.

Apple also "strongly encourages" researchers to report vulnerabilities found without using the SRD; there is no obligation to do so, but the bug bounty program pays a bounty for vulnerabilities found. Vulnerabilities found using the SRD are still eligible for a reward, and it is not a free service.

Apple is now accepting applications for its Security Research Device Program. Eligibility requirements include membership in the Apple Developer Program and a proven track record of discovering security issues on Apple platforms, the company said. Applicants who meet those requirements but are not lent an SRD will be automatically considered during the next application period in 2021 and will not have to reapply.

It was also reported that researchers and hackers who find iPhone vulnerabilities previously unknown even to Apple have been obtaining "development iPhones", built for internal Apple development with many of the security features disabled. This official SRD offering may be aimed at deterring such development iPhones from being traded on the black market.

Source: Apple

The Japanese edition of Engadget does not guarantee the accuracy or reliability of this article.
