The basis of Apple’s move, according to TechCrunch, is to embrace security researchers and bug bounty hunters. Previously, Apple sought to cover this internally. Apple’s approach is to provide approved cybersecurity experts with what are called “Security Research Device (SRD)” iPhones. These are special iPhones that offer root shell access and allow researchers to run custom commands, capabilities that are not available on iPhones sold to the general public.
According to Casey Ellis, CTO and Founder of Bugcrowd, leveraging outside researchers is key in getting ahead of attackers.
Ellis tells Digital Journal: “The iOS Security Research Device program is a step in the right direction for Apple”. The reason is that, despite rumours to the contrary, iPhones are just as vulnerable to cybersecurity exploits as Android devices. Being a U.S. company makes Apple a particular target for nation-state-backed attackers. Hence, Apple is looking at all areas for a security boost.
Ellis thinks the measures put in place are useful, and notes further: “To proactively identify and close vulnerabilities in their products before they can be exploited by bad actors, both before and after products are brought to market, organizations should take a page out of Apple’s playbook and work with outside researchers.”
Ellis adds that a proactive approach is important: “Speed is the natural enemy of security in software development, and no organization is safe, even companies with in-house security teams.” Putting new measures in place is therefore a priority.