Apple To Give Hackers Secret iPhones For Bug Testing [REPORT]

Updated on

With hackers getting smarter, it is imperative that tech companies also find new ways to keep users secure. That is why Apple is reportedly taking an unusual step of making available secret iPhones or pre-jailbroken iPhones to security researchers to make it easier for them to find bugs.

Apple is expected to make the announcement for the same at the Black Hat security conference in Las Vegas, says a report from Forbes citing sources aware of Apple’s plans. The conference started earlier this week and will continue until Thursday.

Apple would give these secret iPhones to security researchers who will participate in Apple’s invite-only bug bounty program. The reward for finding vulnerability under the program could go as high as $200,000. It is not the first time that we are hearing about these special iPhones. There were reports of Apple coming up with such iPhones in 2016 as well.

As per the Forbes report, these secret iPhones could be similar to the developer devices (or “dev-fused” iPhones), which are unlocked. However, they won’t be as open as the developer devices or the ones Apple gives to the internal staff. According to Forbes, these special devices will be a ‘lite’ version of the developer device, and researchers won’t be able to decrypt the iPhone’s firmware.

Still, such devices will allow security researchers to inspect even those parts of the iOS that are not accessible on a regular iPhone. For instance, these devices would allow researchers to stop the processor and monitor or check the memory for vulnerabilities at the code level.

The iPhones developed for testing by the internal staff are very popular among the security researchers and hackers. Such iPhones can even fetch quite a lot of money, a report from Motherboard said earlier this year. These devices – popularly called pre-jailbroken iPhones – could prove very useful to both security researchers and hackers.

Such iPhones are not complete from a production point of view and many security features are disabled as well. There is a big demand for such devices on the gray market, where they can sell for thousands of dollars. Apart from hackers and security researchers, these devices are also reportedly used by tech companies, such as Cellebrite or GrayKey to uncover bugs, which can then be exploited by law enforcement agencies.

One seller of dev-fused iPhones told Motherboard that he had sold such devices to several security researchers and he believed that major security firms use these devices as well. Thus, releasing similar devices under a bug bounty program could prove really helpful for Apple in detecting bugs in advance.

Along with these secret or pre-jailbroken iPhones, Apple is also expected to have a new macOS bounty program. The program, as you may be aware, will reward those who find vulnerabilities in the macOS.  It must be noted that a security researcher, in February, revealed a macOS vulnerability that could allow access to Keychain passwords. The researcher did not share the details of the exploit initially with Apple as there was no bug bounty program for macOS.

Apple may announce both – a new macOS bounty program and the special iPhones – on Thursday. Apple’s head of security engineering, Ivan Krstić, is set to give a “Behind the Scenes” look at the iOS and macOS on the same day.

As per the teaser on the Black Hat website, Krstić would primarily talk on three things – the T2 security, the new Find My app, and code integrity enforcement.

“We will discuss three iOS and Mac security topics in unprecedented technical detail, offering the first public discussion of several key technologies new to iOS 13 and the Mac,” the website reads.

In separate news, we may have the exact release date of the 2019 iPhones. Apple usually announces new iPhones within the first two weeks of September followed by a launch a week later. If the recent comments by President of Japan’s Softbank are anything to go by, then the new iPhones could hit the shelves on September 20.

In an investor conference earlier this week, Ken Miyauchi of Softbank was asked about his company’s iPhone plans regarding the Telecommunications Business Law, which will come into effect starting October 1, requiring local carriers to offer separate voice and data packages. While replying to the question, Miyauchi said they will decide on it during the 10-day timeframe.

Although Miyauchi did not elaborate any further, this little piece of information tells a lot about the iPhone 11 release. A ten day timeframe to the October 1 timeline suggests that the iPhone 11 series could launch on Friday, September 20. Such a launch is in line with Apple’s last year iPhone schedule. The iPhone Xs hit the shelves on Friday, September 21, 2018.

Leave a Comment