Security Experts Receive Rooted iPhones for Research

image credit: Computerworld

By Chand Bellur

July 24, 2020 at 1:48 p.m. PT

  • Apple’s Security Device Research Project lends iPhones with secure shell (SSH) and root access to security professionals.
  • In addition to Apple’s relatively new Bug Bounty program, these “dev-fused” iPhone models will help lock down the iPhone.
  • Only top security experts can borrow these enhanced iPhone models, for the sole purpose of working with Apple on securing iOS.

Apple Loans “Dev-Fused” iPhones to Security Experts

While it’s debatable whether Apple products have more or fewer vulnerabilities than the competition, severe breaches are non-existent. Recent studies have shown that Apple devices face more malware attacks than other products; however, these are relatively harmless adware exploits. Apple users typically don’t have their devices locked out with ransom demands.

Recent conflicts with the FBI and Attorney General William Barr underscore Apple’s tight security. Apple can’t unlock their devices, and the FBI must hire third-party security firms to accomplish the task. It takes them months to unlock an iPhone with brute force.

Attaining tight security isn’t easy. As devices communicate more with cloud-based services, opportunities for hacking become more common. Just recently, prominent Twitter users had their accounts stolen by hackers. Although it wasn’t a technically sophisticated attack, it’s all the more reason technology providers must double down on security.

For all of these reasons, Apple recently started loaning top security experts special iPhones. These devices are rooted and offer SSH access. This allows developers to interact with the inner-workings of iOS and discover new vulnerabilities.

What’s a Dev-Fused iPhone?

Apple is loaning qualified security experts iPhone models with unique versions of iOS. These devices allow root access and SSH. These technologies enable experienced developers to issue commands which help debug data that are usually off-limits. It’s like giving a detective the schematics for an alarm system to figure out how to break it.

Before Apple loaned out these exclusive iPhone models, security analysts could only jailbreak devices. Jailbreaking is similar to rooting. It allows users to bypass some iOS protections; however, it’s not as useful as a dev-fused device.

Security Experts Actively Collaborate with Apple

Loaning security specialists rooted iPhones with SSH access is part of a more extensive program. It’s not about lone wolves hacking away, looking for security holes. Instead, the carefully selected participants have access to Apple engineers to answer any questions.

Security experts also have good reason to help Apple. Beyond large bug bounties, some of which pay out one million dollars, finding a critical vulnerability can elevate a security expert’s status in the community. Apple provides strong incentives for finding security flaws. This should keep Apple devices secure for years to come.

Leave a comment

Your email address will not be published.