What's behind Apple's iOS security research device program? Special

Posted Aug 24, 2020 by Tim Sandle
Apple has begun loaning special research iPhones with unprecedented access to skilled and vetted researchers, enabling them to find and report security vulnerabilities in which Apple can address through its iOS Security Research Device program.
Apple's share price has doubled since March  taking its market valuation to over $2 trillion  t...
Apple's share price has doubled since March, taking its market valuation to over $2 trillion, the highest ever seen on Wall Street
The basis of Apple's move, according to TechCrunch, is to embrace security researchers and bug bounty hunters. Previously Apple has sought to cover this internally. The Apple approach is to provide approved cybersecurity experts with what are called “Security Research Device (SRD)” iPhones. These are special types of iPhones that offer root shell access and allow researchers to run custom commands, things that are not available on iPhones sold to the general public.
According to Casey Ellis, CTO and Founder of Bugcrowd, leveraging outside researchers is key in getting ahead of attackers.
Ellis tells Digital Journal: “The iOS Security Research Device program is a step in the right direction for Apple". The basis for this is because despite rumours to the contrary, iPhones are just as vulnerable to cybersecurity exploits as Android devices. Being a U.S. company makes Apple a particular target for nation-state-backed attackers. Hence, Apple is looking at all areas for a security boost.
Ellis thinks the measures put in place are useful, and notes further: "To proactively identify and close vulnerabilities in their products before they can be exploited by bad actors, both before and after products are brought to market, organizations should take a page out of Apple’s playbook and work with outside researchers."
With this Ellis says that a proactive approach is important: "Speed is the natural enemy of security in software development, and no organization is safe, even companies with in-house security teams." Putting new measures in place is therefore a priority.