Apple talked about a hackable iPhone first at the 2019 Black Hat hacker conference and a year later it’s here. With a mixed opinion of being a positive or negative release, let’s dive into it.
Apple is known for its high priority of privacy for their phones compared to other companies. The security researchers that spend their time trying to break things to find vulnerabilities are the reason iPhone developers have been able to keep privacy so intact. Apple’s SRD program launch gives these security research the access to dive deeper into iOS and hunt bugs. These iPhones are made for the sole purpose of this research.
According to an article from Forbes, “security research devices will come with unique code execution and containment policies.” Systems can be looked at for inspection instead of looking at crash logs and screenshots.
This is the first time security researchers have access to the real thing in a hackers world. The iPhone will be as close to a standard iPhone as possible so the research stays on common ground. Security researchers will be able to really see how third-party apps operate which is a hot topic in this digital age. These “hackers” will not get the “dev-fused” iPhones that Apple’s own developers use, instead, they will get a dev-fused lite iPhone which makes it easier to find vulnerabilities in user-facing apps and services.
These iPhones are only being given to these security researchers in the program, which Apple can review.
The biggest issue with the SRD program seems to be the restrictions with vulnerability reporting. In the Forbes article, it says, “if you use the SRD to find, test, validate, verify, or confirm a vulnerability, you must promptly report it to Apple and, if the bug is in the third-party code, to the appropriate third party.”
The SRD program won’t be available to competitors like Google’s Project Zero, which has reported over 350 security vulnerabilities to Apple over the last five years.
Stay tuned on what the SRD program brings to the cybersecurity world!