- Images of Apple’s official jailbroken iPhone are circulating on social media.
- Security research devices are shipped to professionals looking to find and report security bugs.
- Third-party researchers who discover new vulnerabilities in iOS will be rewarded financially.
iPhone jailbreaking (essentially hacking iOS to remove security features) is once again a hot topic on social media.
But this time, it’s Apple that’s doing the jailbreaking.
Security researcher Gergely Kalman posted a photo of a jailbroken iPhone 14 Pro “Security Research Device” (SRD) sent to him by Apple on X (previously known as Twitter).
The photo also included a page of instructions for researchers and some promotional stickers that came with the device.
Kalman, who runs a cybersecurity company based in Spain, said in a reply that he was “a bit shocked” by some of the jailbroken features.
Apple pre-jailbreaks devices so third-party researchers can investigate vulnerabilities without worrying about being locked out.
“What this essentially means is that researchers can run arbitrary code as any user with arbitrary privileges, giving them almost complete control over the device,” Kalman told Business Insider.
The self-described “Apple vetted hacker” pointed out that jailbreaks are “typically absent” in the latest versions of iOS. And when they do exist, they often accidentally end up leaving one or more critical systems compromised.
“As a security researcher, having an SRD is extremely beneficial,” he said.
All newly discovered vulnerabilities are reported to Apple and addressed by iOS developers. Prizes are awarded to researchers who discover new vulnerabilities.
Kalman himself has yet to discover any vulnerabilities in iOS. “Ask me in six months,” he added.
Aside from the jailbreak, the devices are essentially “identical” to regular iPhones, Kalman said.
“No matter how you look at it, this could function as a perfectly normal iPhone 14 Pro, but for obvious reasons, such use is expressly prohibited,” Kalman said.
According to a report from TechCrunch, Apple began offering so-called “bug bounties” in 2020. Researchers will be provided with an SRD for 12 months, but access to the device itself will be strictly controlled.
The bounties listed on Apple’s security website vary considerably. At the lower end, researchers who manage to bypass the lock screen and access the app “without extensive or highly technical effort” will receive a $5,000 reward.
Anyone who manages the extremely difficult feat of discovering a new vulnerability that allows them to bypass iOS Lockdown Mode could be rewarded with a payout worth up to $2 million.
That doesn’t mean Apple tolerates customers jailbreaking their devices. The tech giant has long claimed that “unauthorized changes” to iOS can cause a variety of performance issues, including crashes, freezes, and reduced battery life.
The iPhone user guide states, “Apple strongly warns against installing software that modifies iOS. It is also important to note that unauthorized modification of iOS is a violation of the iOS and iPadOS Software License Agreements, so Apple may deny service to iPhones with unauthorized software installed.”