Apple seeding Dev-Fused iPhones to security researchers


23, 2020

After years of security by obscurity, Apple has finally embraced the security community with a number of initiatives, one of which is seeding “jailbroken” iPhones to security researches to make their exploit-hunting work easier.

TechCrunch reports that Apple is sending so-called Dev-Fused handsets, which purposefully lack security protections and come pre-installed with dev tools such as SSH and root access, to security researchers to allow them to more easily hunt for bugs.

If they find weaknesses in the operating system Apple is now also willing to purchase the details from them as part of their bug bounty program, which can pay up to $1.5 million for the most serious bugs in Apple’s unreleased software.

The dev-fused handsets are not much different from jailbroken iPhones, but unlike those devices, they have the very latest version of the operating system, and developers have immediate access. Security researchers in the program also have access to extensive documentation and a dedicated forum with Apple engineers to answer questions and get feedback.

The program was announced last year at Blackhat and TechCrunch reports the handsets are being distributed now.

The move is expected to improve the security of iPhones and find bugs deep in the OS, often used by nation-states, faster. Hackers will be asked to submit bugs privately to allow Apple to fix them first.

Security researchers can apply for the program here.

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}