Apple’s Annual Applications for Free Hackable iPhones Are Now Open
The latest round of Apple's Security Research Device (SRD) program is now open, which means security researchers can apply for an unlocked Apple device. The chosen security researchers will also be allowed to test the device's security capabilities by attacking it.
The applications for the program will remain open till 31st December this year, and approved applicants will be notified early in 2024.
As the tech giant explained in a blog post, the selected applicants will receive "a specially-built hardware variant of iPhone 14 Pro that's designed exclusively for security research".
Highlighting the iPhone as "the world's most secure consumer mobile device", Apple pointed out that even the most skilled security researchers can find it a challenge to get started.
The Security Research Device (SRD) is a specially built iPhone that enables security researchers to conduct their work without needing to bypass the iOS security features.
Researchers are also granted shell access and allowed to run any tools, pick their own entitlements, set NVRAM variables, and install and boot custom kernel caches and firmware for the latest iOS 17 features.
To put it simply, the SRD models come with options to disable or configure iOS security features that you can't change on a regular, retail iPhone.
How Does the Security Research Device (SRD) Program Work?
Security researchers with a proven track record of success in discovering security flaws on Apple platforms or other modern operating systems may apply for the SRD program.
Only applicants who aren't currently employed by Apple and haven't been employed by the company in the last 12 months are eligible for the program. Other eligibility criteria include being of legal age and being based in an eligible country or region.
The selected applicants will be given the SRD on a renewable 12-month loan once their application is approved. Apple makes it clear that the device is meant strictly for security research purposes in controlled settings and will remain the property of Apple the whole time.
Only people authorized by Apple to use and access the SRD may do so. The SRD is also to be kept at the premises of the chosen program participants at all times, which means they cannot carry it daily or use it as a personal device.
After testing, validating, verifying, or confirming a vulnerability, security researchers are required to report it to Apple. Any bugs in third-party code need to be reported to the relevant third party.
"Our ultimate goal is to protect users, so if you find a vulnerability without using the SRD for any aspect of your work, we'd still like to receive your report." - Apple
All eligible reports are considered for rewards through the Apple Security Bounty program. Last year, the tech giant raised the maximum reward to $500,000, along with various bonuses that might be available depending on the severity of the problem.
Apple revealed that since the start of the SRD program in 2019, security researchers have uncovered 130 high-impact, security-critical vulnerabilities.
The 100-odd reports from SRDP researchers have resulted in several awards worth $500,000 or more, with a median award of around $18,000.