A report a few months ago revealed there’s a booming black market for developer iPhones that can be used to hunt down undiscovered iOS vulnerabilities. While they cost thousands of dollars each, the investment might be worth it to hackers looking to sell their iPhone security-cracking discoveries to the highest bidder.
Apple is quick to patch new vulnerabilities, but the company wants to expedite the process. To do so, Apple will reportedly provide security researchers with iPhones similar to the ones being sold on the black market. These jailbroken devices are supposed to make it easier for devs to figure out iOS code issues and report them back to Apple before hackers get a chance to abuse the same holes.
Trusted “rock star hackers” who are part of Apple’s invitation-only bug bounty program will be the recipients of these jailbroken devices. That means Apple will be able to control who gets access to these devices and avoid having them spill over into the same iPhone black market. Per Forbes, these devices will be almost as powerful as Apple’s own devices, but they’ll be “lite” models with no access to the decrypted iPhone firmware.
What makes these iPhones special? One source with knowledge of the Apple announcement said they would essentially be “dev devices.” Think of them as iPhones that allow the user to do a lot more than they could on a traditionally locked-down iPhone. For instance, it should be possible to probe pieces of the Apple operating system that aren’t easily accessible on a commercial iPhone. In particular, the special devices could allow hackers to stop the processor and inspect memory for vulnerabilities. This would allow them to see what happens at the code level when they attempt an attack on iOS code.
It’s unclear which specific iPhone models Apple will provide to these trusted researchers.
Additionally, Apple wants to open a Mac bug bounty program that will also offer financial incentives to researchers who find vulnerabilities and alert Apple. It’s unclear when the Mac bug bounty program will be announced. Apple might reveal more details on Thursday when Apple’s head of security and engineering Ivan Krstić will deliver a Black Hat talk titled Behind the Scenes of iOS and Mac Security.