Almost a year ago, during the past month of August, Apple announced that it was creating a special iPhone for elite security researchers of all the world. The idea was to offer a device that had fewer restrictions, allowing researchers to focus on security vulnerabilities without having to work on standard iOS defenses first. In summary: a hackable iPhone.
How does this special iPhone work?
According to a source previously quoted by Forbes, it is explained that essentially these phones would be equivalent to partially unlocked development devices. For example, it should be possible to test components of the iOS operating system that are not easily accessible on a commercial iPhone.
In particular, these devices could allow hackers to stop the processor and inspect memory for vulnerabilities, to see what happens at the code level when they try to attack system code. Obviously, the level of openness will not be that enjoyed by Apple’s own security team and, of course, it is certain that Apple will not allow third parties to decrypt iPhone firmware, the software that supports much of the functionality of the device.
The company will loan the devices for a year with the possibility of renewing them, and participants will also have access to new security forums focused on the devices.
However, its availability will be limited to a number of previously selected analysts, with an established history of searching for iOS bugs, as well as those with experience on other platforms who want to start on iOS. Although the fact that this program requires a special invitation, it seems more focused on Apple being able to maintain strict control over it, making sure that the vulnerabilities found are not made public.
In this way, if researchers “find, test, validate, verify or confirm” a vulnerability using one of the special iPhones, they must report it to Apple and to any relevant third party, under the terms of the loan agreement.
In any case, welcome is this opening. And it is that historically, relations between Apple and the security industry have been generally somewhat tense, mainly because the Cupertino company has always offered very little visibility on iOS.
Are we facing the final goodbye of jailbreaks?
In fact, this new iPhone has no other purpose than to allow external professionals to investigate iOS from different angles, without the need to resort to jailbreaks and iOS emulators from third parties to get that deeper information.
Although Apple is still struggling to try to scale back those efforts, with various lawsuits ongoing, this has not stopped us from recently seeing one of the biggest vulnerabilities in its operating system. Thus, although it is a good strategy to try to mitigate this type of “attack”, there is nothing to ensure that the company is completely free of this problem.
And it is that the Internet community has always been characterized by a great desire for free sharing.
Leave a Reply