Apple opens free iPhone 14 Pro application process for security researchers
If you want a free iPhone 14 Pro, with no carrier contract locking you in for 12 or 24 months, your legal options are pretty limited. If you want that iPhone so as to be able to hack iOS while using it, however, Apple is now offering just that opportunity. But you’ll need to be quick; applications close on October 31. You will also need to meet a bunch of eligibility criteria. Here’s what you need to know.
09/02 update below. This article was originally published on August 31.
As part of Apple’s claim that the iPhone is “the world’s most secure consumer mobile device,” it created the Apple Security Research Device Program. This acknowledges that the security protections in place make it hard for security researchers to get started when looking for iOS vulnerabilities that malicious actors could exploit.
The Apple SRD is a custom iPhone 14 Pro that enables researchers to look for ways to hack iOS without having to bypass those built-in security features. What this means is that this particular iPhone 14 Pro is fully hackable by those with the requisite skills to find new iOS vulnerabilities. It provides shell access, for example, and even the ability to mess around with the kernel. Any vulnerabilities found must be reported to Apple and will be eligible for financial reward as part of the Apple Security Bounty program.
Such a device is a valuable item, especially if it were to fall into the wrong hands. So, you won’t be surprised to learn there are strict guidelines regarding usage, as well as who is eligible to apply for a 12-month free iPhone 14 Pro loaner.
When it comes to eligibility, applicants must already have had success when it comes to vulnerability research. This success can be on Apple platforms or other operating systems such as Android, for example. You can’t have been employed by Apple within the previous 12 months or be a current employee. Finally, there’s a list of countries which Apple will accept applications from, and you will need to be “the legal age of majority” for your country, which usually means 18 or above.
As far as usage goes, the hackable iPhone can only be used in a controlled security research setting. Personal use is forbidden, as is it being used as a daily carry device. Indeed, the agreement that you need to sign will demand that the phone stays on the premises of the applicant at all times. All vulnerabilities must also be reported to both Apple and any third party if it relates to such code, promptly.
So, if you meet all of these criteria, you can apply for a free iPhone 14 Pro here. But you’ll need to do so before October 31, and there’s no guarantee you will be successful. Apple vets all applicants thoroughly, and only a limited number of SRDs are available. If you are approved, though, the device remains the property of Apple and is provided on a renewable 12-month loan basis.
09/02 update: While it is generally accepted that iPhones are more secure than Android-powered devices, they are not a digital fortress that cannot be breached. Assuming that a malicious party doesn’t have physical access to your iPhone and doesn’t know your lockscreen code or Apple ID password, the weak points are vulnerabilities impacting iOS itself and malicious apps.
Earlier this year, for example, the Operation Triangulation campaign was found to be targeting iPhones with a zero-click, zero-day iMessage vulnerability. An iMessage attachment used multiple iOS vulnerabilities that meant, according to Kaspersky researchers, it was able to collect both system and user information including microphone recordings and instant message photos, amongst other data—all with no user interaction required. The last iOS update, taking it to version 16.6, fixed no less than 25 vulnerabilities. Two of these, as Kate O’Flaherty reported, being zero-days that were already being exploited in real-world attacks at the time of release.
This is why Apple’s security bounty program is so important. By considering “every issue that has a significant impact to users” for a bounty payout, it encourages security researchers to disclose their discoveries and it helps keep iOS and the iPhone as secure as possible. The payouts, made at the sole discretion of Apple are based on the specifics of each particular vulnerability. Apple says, for example, that an elevation of privilege attack by way of a user-installed app can command anything between $5,000 and $150,000. A zero-click, kernel code execution with persistence and kernel PAC bypass exploit is anywhere from $100,000 to $1,000,000. If someone were able to bypass the specific protections that are offered by lockdown mode, then Apple will pay up to $2,000,000.
A blog posting by the Apple Security Engineering and Architecture team says that researchers enrolled in the SRD program have had more than 100 vulnerability reports rewarded with bounties. The median award is close to $18,000 for these, with the highest biunty payment for a SRD user being $500,000.
If you have uncovered a security issue with your iPhone, you can submit a report here. Apple engineers review every submission, and as such they should include a detailed technical description of the behavior seen, steps required for reproduction, as well as a working exploit or proof-of-concept.