Apple’s hackable iPhones are finally here


Last August, Apple announced that it would distribute special iPhones to elite security researchers. The idea was to offer a device that had fewer restrictions, allowing researchers to focus on security vulnerabilities more easily, without having to work on the standard iOS defenses first. Starting today, you can apply to get one.

Apple is opening its security research device program to analysts with an established history of searching for iOS bugs, as well as those with experience on other platforms who want to start on iOS. The company will loan the devices for one year with the possibility of renewing them, and participants will also have access to new security forums focused on the devices. If researchers “find, test, validate, verify, or confirm” a vulnerability using one of the special iPhones, they must report it to Apple, and to any relevant third parties, under the terms of the loan agreement.

Historically, relations between Apple and the security industry have been strained, in part because Cupertino has offered very little visibility into iOS. The new research phones serve as an olive branch, with the added benefit of helping to strengthen iPhone security. Outside professionals can investigate iOS from different angles, helping to find issues that can arise after an attacker bypasses iOS defenses.

Security researchers so far have had to turn to third-party jailbreaks and iOS emulators to get that insight. But Apple has aggressively tried to cut back on those efforts. The company sued mobile security and development company Corellium last year for making an iOS emulator. And Apple argues that jailbreaking, which is accomplished by exploiting hardware or software vulnerabilities, results in imperfect research because a jailbroken device inherently differs from unadulterated iOS. Also, most jailbreaks only work on outdated hardware and older firmware versions, Apple argues, because the vulnerabilities used to achieve jailbreaks are fixed.

Security researchers focused on iOS told WIRED on Wednesday that the new devices will be useful in many ways. Essentially they will grant unlimited permissions within the operating system so that researchers can run code without the typical limitations of iOS and analyze how other programs work. This will help researchers detect vulnerabilities, but it will also make it much easier for them to analyze how Apple’s own software and third-party applications behave and manage data, whether they evaluate a prominent application like TikTok or possible spyware like ToTok.

“Security researchers have already proven quite successful in discovering flaws in both iOS security and privacy issues and third-party applications,” says Patrick Wardle, Apple security researcher at business management firm Jamf. “Armed with these new devices, they are likely to find only more. They would be able to more easily audit and analyze third-party applications on modern devices with the latest version of iOS. It would be a great victory for Apple users and Apple itself.”

However, Wardle and others point out that this level of openness and insight cannot extend beyond the user-oriented parts of the operating system. That would mean the special devices would not help researchers analyze iOS’s core, its startup procedures, the firmware that coordinates the hardware and software, or the hardware itself, such as the custom T2 security chip from Apple.

“The devices seem to give researchers unrestricted access to only part of iOS,” says Will Strafach, an iOS researcher and creator of the Guardian Firewall app for iOS. “It’s a good start for vulnerabilities in user-facing apps and services, which can be easily fixed in an iOS update. But they appear to intentionally not allow delving into lower-level security mechanisms, which may be more difficult to fix.”

Apple says it carefully designed the research devices to behave like consumer products and provide researchers with as much information as possible without inadvertently creating exposure or risk to the hundreds of millions of iOS devices deployed worldwide. For example, security research devices are not the same as Apple’s own internal development prototypes, known as “development-fused” iPhones, which are much more flexible and open than consumer iPhones and leave many iOS security features disabled. Still, the new security research devices are loaners for a reason, and Apple will presumably carefully track and monitor them.
