Apple might give hackers special iPhones to plug security problems


The CIA has a team of more than 5,000 hackers.
This is what a real hacker looks like. Dry ice is not optional.
Photo: Brian Klug/Flickr CC

Apple has historically not been a company in favor of people jailbreaking its devices. So why would Cupertino give hackers special iPhones to help them find weaknesses in iOS? To patch those problems, of course!

According to a new report, Apple will announce plans this week at the Black Hat security conference in Las Vegas to hand out such devices to security researchers. Apple also will introduce a new Mac bug bounty program to reward anyone who finds security problems in macOS.

Forbes writes that:

“The iPhones will be given to the rock star hackers that participate in the Cupertino company’s invitation-only bug bounty program, where participants disclose bugs in Apple products in return for monetary rewards. The payments can go as high as $200,000, as announced at the 2016 Black Hat conference.”

The devices will be “dev devices,” which can do more than regular locked-down iPhones. They will allow Apple’s hand-picked “rock star hackers” to more thoroughly inspect the processor and memory of iPhones for vulnerabilities.

These will not, however, be the exact same iPhones available to Apple staff. They will likely not allow hackers to decrypt the iPhone’s firmware, as Apple’s own security team can do.

Forbes‘ report does not state which security professionals Apple will give these devices to. Given the level of trust that this involves, it presumably will be people Apple has worked with before.

Apple bug bounty program

Apple launched its bug bounty program back in 2016. The program offers rewards of up to $200,000 for security researchers who find vulnerabilities on Apple’s software platforms.

But it remains unclear if the Apple bug bounties previously applied to macOS. In February, a hacker discovered a macOS bug that allowed him to spy on passwords in the Keychain. However, he did not immediately share this vulnerability with Apple due to the lack of a payment.

If Apple takes these steps, it seems to show real concern about security issues. If the new strategy results in fewer security snafus in the future, we’re all for it. Presumably the hackers won’t be too upset about another source of potential income, either.

Have you ever contacted Apple about any bugs you’ve discovered in iOS and macOS? If so, what was the response? Let us know in the comments below.


Daily round-ups or a weekly refresher, straight from Cult of Mac to your inbox.

  • The Weekender

    The week's best Apple news, reviews and how-tos from Cult of Mac, every Saturday morning. Our readers say: "Thank you guys for always posting cool stuff" -- Vaughn Nevins. "Very informative" -- Kenly Xavier.