Apple’s new hackable phones will make devices more secure for everyone
One of the reasons we exclusively use devices from Apple, Google, and BlackBerry is the intense scrutiny they get from—well—everyone. Professional security researchers and hackers poke, prod, test, and exploit the devices all the time. Granted, exploiting devices can be bad if researchers don’t tell anyone, but most security researchers discreetly report their findings to device manufacturers. Manufacturers then have time to explore the exploit themselves and patch it.
Until recently the only way for security researchers could analyze Apple devices was to buy a stock device and work on it. While this is good to test for exploits in the wild, having a special research device with many of the internal workings unlocked, is immensely better. A year ago Apple announced it was developing a program to give special, hackable phones to researchers, and this week they announced they are ready to roll it out to the public.
Here’s how the program works:
Apple is opening its security research device program to analysts with an established track record of finding iOS bugs, as well as those with expertise in other platforms who want to start on iOS. The company will loan the devices for a year with the possibility to renew, and participants will also gain access to new security forums focused on the devices. If researchers “find, test, validate, verify, or confirm” a vulnerability using one of the special iPhones, they must report it to Apple—and any relevant third parties—under the terms of the loan agreement.
iOS-focused security researchers told WIRED on Wednesday that the new devices will be useful in many ways. They’ll essentially grant unlimited permissions within the operating system so researchers can run code without iOS’s typical limitations and analyze how other programs function. This will help researchers spot vulnerabilities, but it will also make it much easier for them to analyze how Apple’s own software and third-party apps behave and manage data, whether that’s assessing a prominent app like TikTok or possible spyware like ToTok .
“Security researchers have already proved to be rather successful at uncovering flaws in both iOS proper and security and privacy issues in third-party apps,” says Patrick Wardle, an Apple security researcher at the enterprise management firm Jamf. “Armed with these new devices, they are likely only going to find more. Being able to audit and analyze third-party apps more easily on modern devices running the latest version of iOS would be lovely. It’s ultimately a big win for Apple’s users and Apple itself.” — Apple’s Hackable iPhones Are Finally Here | WIRED
While some researchers are rankled by the disclosure restrictions—and the single-year lease—I believe the program is still a step in the right direction. Apple is notoriously secretive about, well, everything, so giving accredited researchers more access to the inner workings of the iPhone can only help make the devices more secure in the long term.
Security researchers play an invaluable role today. They spend time trying to find the bugs—or purposeful “features”—in apps that could compromise your privacy or open a phone up to other hacks. We rely on external research, our in-house security team, and outside testers to ensure SKY ECC devices are, and remain, the most secure communications tools you can get.
Why we don’t make our own devices and retire devices over time
This kind of scrutiny is exactly why we don’t make our own devices or modify iOS or Android. By partnering with Apple, Google and Blackberry, we ensure the devices we offer are:
- constantly updated first (when you offer your own version of Android you have to test the update on your version before releasing an update);
- designed by the very best security experts;
- built to the highest quality standards;
- continually improved technically; and
- continually improved security
Not to mention we’d only be able to offer Android devices—only Apple devices can run iOS. These are sacrifices we don’t want to make. We want to offer only the best and most secure devices and the best way to do that is leveraging Apple, Google, and BlackBerry.
We spend the time others use to maintain their devices and forked versions of Android to continually improve SKY ECC. We work on adding new features, making SKY ECC more secure, and finding better and better ways to protect your privacy.
We also constantly refresh and update which devices we offer. Once a device stops receiving security updates or able to run the latest version of the OS, we stop offering it to customers and phase it out from circulation.
Here’s to hacking for better security
I hope security researchers find—and report back to Apple—some new exploits and flaws in iOS. Finding flaws means they can be patched. Patched flaws make for secure devices. Secure devices make for private devices. And private devices are ones you can trust to use with SKY ECC safely and securely. Because no matter how secure we make our app, no matter how we apply zero-trust security to the platform, we must start with a secure foundation. And that foundation is a secure device that has passed muster over and over again.