Apple launches Security Research Device programme to help researchers find vulnerabilities in iPhones

Apple has launched a new programme under which it is offering special research iPhones to security researchers. These units with deep access are aimed at helping researchers find and report security vulnerabilities.

These research iPhones feature a customised iOS operating system that is not available on commercial units. Researchers are granted access to SSH and root shell. The access is aimed at helping them run debugging tools and other codes to decode the operating system.

As TechCrunch notes, this is the first time Apple has given such deep access to outsiders. So far, researchers have relied on workarounds such as jailbreaking to access the internals.

Apple on its website says the Security Research Device (SRD) will be given to eligible researchers on a 12-month renewable basis contract. These devices are not meant for daily usage and should always be kept within the premises of participants.

ALSO READ: Apple dials privacy at its annual developer conference

Another clause says that researchers or users of SRDs will need to report a vulnerability to Apple. Until a certain publication date (usually the date which Apple rolls out the fix for a bug), users cannot discuss the vulnerability with anyone else.

ALSO READ: Apple rejects 16 new Web APIs over privacy concerns

To be eligible for Apple's new SRD programme, you need to be a membership Account Holder in the Apple Developer Program. You need to have “a proven track record of success in finding security issues on Apple platforms, or other modern operating systems and platforms,” says Apple.

The new initiative is in addition to Apple's existing bug bounty programme which focuses on vulnerabilities in publicly available versions of iOS, iPad, macOS, tvOS, or watchOS.