Apple provides hackers with a jailbreak version of the iPhone, making it easy for them to find Apple phone vulnerabilities.
Editor’s note: This article is from WeChat public account “iFeng Technology” (ID: ifeng_tech ), the author Yu Yu.
Has Apple become open? At least from a network security perspective, this seems to be the case. Apple is preparing to provide hackers with a jailbreak version of the iPhone, so they can find Apple phone vulnerabilities.
Black Hat Security Conference will be held in Las Vegas, USA later this week. According to the news, Apple will announce a special version of the iPhone for security researchers at the conference, further facilitating hackers to find iPhone weaknesses. Apple will also announce the Mac Vulnerability Rewards program, so researchers who find macOS vulnerabilities will also be rewarded.
Special Edition iPhone
This special edition iPhone will only be available to well-known hackers who are involved in Apple’s invitation-only vulnerability awards program. Apple announced the vulnerability award program at the 2016 Black Hat Conference, which provides bonuses for participants who disclose vulnerabilities in Apple products, up to $200,000.
How special are these iPhones? According to people familiar with the matter, they are actually development devices, and there is far more to do than the traditional locked iPhone. For example, it should be able to allow researchers to explore a piece of the Apple operating system that is not possible on a commercial version of the iPhone. In particular, it allows hackers to block the processor from running and check the memory for vulnerabilities. This allows hackers to see what’s happening at the code level when trying to attack iOS code.
However, these special edition iPhones and Apple’s internal employees use iPhones that are not exactly the same. They belong to the “lightweight” iPhone and don’t enjoy the same openness as the Apple security team. For example, Apple is unlikely to allow hackers to decrypt iPhone firmware, which supports a lot of iPhone functionality.
In addition to trying to improve the security of the iPhone, Apple’s move is also in response to the leak of the development device. Apple development devices will be sold in the black market after being leaked. In recent years, this kind of development machine has become a weapon for hackers to study Apple’s most sensitive code. Although Apple’s latest strategy will increase the chances of iPhone leaks, Apple will review the participants in the Vulnerability Rewards program and will likely have some control over the development machine. Apple’s move can also be seen as a secret sale of counter-development machines.
Mac Vulnerability Reward Program
For Apple’s Mac Vulnerability Rewards program, it’s unclear whether the bonus amount is similar to the iOS vulnerability reward program, but it’s a long-awaited project for security researchers. In February of this year, 18-year-old Linus Henze discovered a macOS vulnerability that allowed him to view passwords in keychains. But because Apple does not offer rewards, he refused to provide details of the vulnerability to Apple.
“If you’re a big, resource-rich and security-conscious company like Apple, the Vulnerability Bonus Program is something you don’t want to think about.” Apple equipment management company Jamf chief security researcher Patrick Wardell ( Patrick Wardle) said. Wardle has discovered multiple macOS issues.
More information is expected to be announced on Thursday. At that time, Ivan Krstić, Apple’s head of security and engineering, will deliver a speech entitled “The Behind the Scenes of iOS and Mac”, promising to provide “unprecedented technical details” on the iPhone and Mac.
Apple declined to comment.