A report a few months ago revealed there’s a booming black market for developer iPhones that can be used to hunt down undiscovered iOS vulnerabilities. While they cost thousands of dollars each, the investment might be worth it to hackers looking to sell their iPhone security-cracking discoveries to the highest bidder.
Apple is quick to patch new vulnerabilities, but the company wants to expedite the process. To do so, Apple will reportedly provide security researchers iPhones similars to the ones being sold on the black market. These jailbroken devices are supposed to make it easier for devs to figure out iOS code issues and report them back to Apple before hackers get a chance to abuse the same holes.
Trusted “rock star hackers” who are part of Apple’s invitation-only bug bounty program will be the recipients of these jailbroken devices. That means Apple will be able to control who gets access to these devices and avoid having them spill over into the same iPhone black market. Per Forbes, these devices will be almost as powerful as Apple’s own devices, but they’ll be “lite” models with no access to the decrypted iPhone firmware.
What makes these iPhones special? One source with knowledge of the Apple announcement said they would essentially be “dev devices.” Think of them as iPhones that allow the user to do a lot more than they could on a traditionally locked-down iPhone. For instance, it should be possible to probe pieces of the Apple operating system that aren’t easily accessible on a commercial iPhone. In particular, the special devices could allow hackers to stop the processor and inspect memory for vulnerabilities. This would allow them to see what happens at the code level when they attempt an attack on iOS code.
It’s unclear which specific iPhone models Apple will provide to these trusted researchers.
Additionally, Apple wants to open a Mac bug bounty program that will also offer financial incentives to researchers who find vulnerabilities and alert Apple. It’s unclear when the Mac bug bounty program will be announced. Apple might reveal more details on Thursday when Apple’s head of security and engineering Ivan Krstić will deliver a Black Hat talk titled Behind the Scenes of iOS and Mac Security.
