Apple Invites Security Researchers to Test iPhone 14 Pro Security
Apple is inviting white hat security specialists to participate in the 2024 iPhone Security Research Device Program (SRDP) and search for vulnerabilities in specially prepared versions of the iPhone 14 Pro, designed specifically for security research. Applications are being accepted until October 31, 2023.
According to Apple, since the program’s launch in 2019, researchers have discovered 130 critical vulnerabilities, with 37 CVE identifiers issued in just the past six months. The company reports that bug reports submitted through this program have already helped implement new security measures and reduce risks in areas such as the kernel, kernel extensions, and XPC services.
The iPhone 14 Pro provided to researchers comes with certain security features disabled and shell access enabled, making it possible to search for vulnerabilities on a platform that is usually closed to such investigations. Apple describes this device as a “specially prepared hardware variant” of the iPhone, giving researchers the tools needed to deactivate built-in iOS protections.
Each year, Apple provides Security Research Devices (SRDs) to a limited number of security professionals who apply to participate in the program and are carefully selected based on their track record, including work on other platforms.
“Shell access is available, you can run any tools, choose privileges, and even customize the kernel,” Apple writes. “Additionally, all vulnerabilities discovered using the SRD are automatically eligible for the Apple Security Bounty program. In the past, we were pleased to award bounties for more than 100 reports from our SRDP researchers, with several awards reaching $500,000 and the average award being nearly $18,000.”
Apple also allows universities and academics to request access to the SRDP, for example, to use the devices as teaching aids in cybersecurity courses.
All applications will be thoroughly reviewed by the end of the year, and selected participants will be notified about their access to the program at the beginning of 2024.