by Brandon Butler
Apple Launches Security Research Device Program 7/23/2020

Zack Whittaker for TechCrunch:

Last year at the Black Hat security conference, Apple’s head of security Ivan Krstic told a crowd of security researchers that it would give its most-trusted researchers a “special” iPhone with unprecedented access to the the device’s underbelly, making it easier to find and report security vulnerabilities that Apple can fix in what it called the iOS Security Research Device program.

Starting today, the company will start loaning these special research iPhones to skilled and vetted researchers that meet the program’s eligibility.

These research iPhones will come with specific, custom-built iOS software with features that ordinary iPhones don’t have, like SSH access and a root shell to run custom commands with the highest access to the software, and debugging tools that make it easier for security researchers to run their code and better understand what’s going on under the surface.

TechCrunch’s headline is misleading for the average user: “Hacker”, in this sense, is a security researcher who’s job is to find critical vulerablities in siftware and hardware and report them to the devleoper. This isn’t a device for the “criminal hacker” sort, but their headline will probably get more clicks than “Apple Launches Security Research Device Program” and that’s what matters, right?

Bad headlines aside, this is a really important move for Apple to make. Security through obscurity doesn’t work, and researchers need this kind of access to find critical vulnerabilities in devices. This only serves the make the iPhones in our pockets even more secure than they already are.