Just under a year ago, Apple launched a new Security Research hub along with an upgraded bug bounty program, updates to the Security Research Device Program, and more. Starting today for a limited time, Apple has opened up applications for next year’s Security Research Device Program. Here’s how to apply.
Apple announced the open applications for the 2024 program today on its Security Research site. The main idea of the program is to provide “an iPhone exclusively dedicated to security research” along with help to “get started, go deeper, or improve the efficiency of your research work with iOS.”
From today through October 31, we invite security researchers to apply for the 2024 iPhone Security Research Device Program (SRDP) to jump-start their iPhone research, work with our security teams to help protect users, and qualify for Apple Security Bounty rewards.
Apple highlights that since the SRDP started in 2019, 130 “security-critical vulnerabilities” have been found by researchers, making important contributions to the system.
And the rewards for those bugs have increased. Apple notes over 100 findings have earned bug bounty payouts “with multiple awards reaching $500,000 and a median award of nearly $18,000.”
Here’s how Apple describes the SRDP:
iPhone is the most secure consumer mobile device on the market, and the depth and breadth of sophisticated protections that defend users can make it very challenging to get started with iPhone security research. The central feature of SRDP is the Security Research Device — a specially-built hardware variant of iPhone 14 Pro that’s designed exclusively for security research, with tooling and options that allow researchers to configure or disable many advanced security protections of iOS that cannot be disabled on normal iPhone hardware in the hands of users.
Among other features, researchers can use a Security Research Device (SRD) to:
- Install and boot custom kernel caches.
- Run arbitrary code with any entitlements, including as platform and as root outside the sandbox.
- Set NVRAM variables.
- Install and boot custom firmware for Secure Page Table Monitor (SPTM) and Trusted Execution Monitor (TXM), new in iOS 17.
If you’re interested in applying, keep in mind Apple only selects a limited number of researchers each year. Applications are open now through October 31 and Apple says it will “notify selected participants in early 2024.”
Check out more details including eligibility requirements and apply on Apple’s website.
FTC: We use income earning auto affiliate links. More.
Comments