قالب وردپرس درنا توس
Home / Mac / Apple releases hacker friendly iPhones, plots Mac Bug Bounty Sources

Apple releases hacker friendly iPhones, plots Mac Bug Bounty Sources




<div _ngcontent-c15 = "" innerhtml = "

Does Apple open up?

Seen from a cybersecurity perspective, it looks like this. Later this week on Black Hat security conference in Las Vegas, Apple announces plans to give security researchers special iPhones that will help them find weaknesses in the smartphone, Forbes has learned, and will also announce an Apple Mac bounty, so everyone sources that find vulnerabilities in macOS will be rewarded, sources claim, Apple declined to comment.

iPhones will be given to rock star hackers participating in the Cupertino company's only invitation-error bounty program where pairs of participants reveal bugs in Apple products in return for money. The payment can go as high as $ 200,000, announced at the Black Hat Conference 2016.

What makes these iPhones special? A source with knowledge of the Apple announcement said that they would essentially be "dev devices." Think of them as iPhones that allow the user to do much more than they could on a traditionally locked iPhone. For example, it should be possible to search for parts of the Apple operating system that are not easily accessible on a commercial iPhone. In particular, the special devices can allow hackers to stop the processor and inspect the memory for vulnerabilities. This will allow them to see what happens at the code level when attempting an attack on iOS code.

But they will not be exactly the same as the iPhones Apple's internal staff uses. They are going to be "small" versions, without the same level of openness that Apple's security team enjoys, a source said. For example, Apple is unlikely to allow hackers to decrypt iPhone firmware, the software that underpins much of the device's functionality.

In addition to trying to increase iPhone security, the move could also be a reaction to leaks from dev devices, which have subsequently been sold on the black market. They have proven useful for hackers in recent years, according to a report by Vice Motherboard . While the possibility of leaks on iPhone devices may increase with this latest strategy, Apple is wooing the people on its bounty program and will likely still retain some control over the dev phones. The announcement can also be seen as the tech giant trying to thwart underground sales.

Apple Mac bug bounty & # 39; a no brainer & # 39;

When it comes to the Apple Mac bug bounty, it is not known if similar prizes will be on offer, but there is something security researchers have asked the Cupertino giant to deliver. In February 18-year-old Linus Henze found an error in macOS that allowed him to spy on password in the keychain, but refused to give Apple details due to non-payment.

"If you're a big company with good resources like Apple, which claims to put a premium on security, it's no brainer to have a bug-bounty program," said Patrick Wardle, chief security researcher at Jamf, who has found countless problems in macOS.

"Such a program encourages talented external security researchers to review Apple's hardware and software products, which will reveal many vulnerabilities and report them to Apple.

"End result: Apple's products will be much more secure. Sure, this is a victory for Apple, but in the end this is a huge win for Apple's end users."

No further details about the new security programs were released, and Apple did not respond to several comment requests.

More information is likely to land on Thursday, when Apple's security and engineering chief Ivan Krstić gives his Black Hat speech entitled "Behind the Scenes for iOS and Mac Security." He promises "outstanding technical detail" on iPhone and Apple Mac security.

">

Does Apple open up?

From a cybersecurity perspective, it looks like later this week, at the Black Hat Security Conference in Las Vegas, Apple will announce plans to provide security researchers special iPhones that will make it easier for them to find weaknesses in the smartphone, Forbes learned, it will also announce an Apple Mac bounty, so anyone who can find security issues in macOS will be rewarded, sources claim Apple declined to comment.

The iPhones will be given to rock star hackers participating in the Cupertino company's invitation-only bug reward program, in which participants reveal bugs in Apple products in return r for monetary rewards. The payment can go as high as $ 200,000, announced at the Black Hat Conference 2016.

What makes these iPhones special? A source with knowledge of the Apple announcement said that they would essentially be "dev devices." Think of them as iPhones that allow the user to do much more than they could on a traditionally locked iPhone. For example, it should be possible to search for parts of the Apple operating system that are not easily accessible on a commercial iPhone. In particular, the special devices can allow hackers to stop the processor and inspect the memory for vulnerabilities. This will allow them to see what happens at the code level when attempting an attack on iOS code.

But they will not be exactly the same as the iPhones Apple's internal staff uses. They are going to be "small" versions, without the same level of openness that Apple's security team enjoys, a source said. For example, Apple is unlikely to allow hackers to decrypt iPhone firmware, the software that underpins much of the device's functionality.

In addition to trying to increase iPhone security, the move could also be a reaction to leaks from dev devices, which have subsequently been sold on the black market. They have proven useful for hackers in recent years, according to a report by Vice Motherboard . While the possibility of leaks on iPhone devices may increase with this latest strategy, Apple is wooing the people on its bounty program and will likely still retain some control over the dev phones. The announcement can also be seen as the tech giant trying to thwart underground sales.

Apple Mac bug bounty & # 39; a no brainer & # 39;

As for the Apple Mac bug bounty, it is not known if similar prizes will be offered, but there is something security researchers have asked the Cupertino giant to deliver. In February, 18-year-old Linus Henze found an error in macOS that allowed him to spy on passwords in the keychain, but refused to give Apple details due to non-payment.

"If you're a big, well-equipped company like Apple, which claims to put a premium on security and having a bug-bounty program is no brainer," said Patrick Wardle, chief security researcher at Jamf, who has found many problems in macOS. [19659005] "Such a program strongly encourages talented external security researchers to audit Apple's hardware and software products, which will reveal many vulnerabilities and report to Apple.

" End result: Apple's products will be much more secure . Sure, this is a victory for Apple, but in the end this is a huge win for Apple's end users. "

No further details were provided about the new security programs, and Apple did not respond to multiple requests for comment.

More information is likely to land on Thursday, when Apple's chief of security and engineering, Ivan Krstić, holds Black His hat speech entitled "Behind the Scenes of iOS and Mac Security." He promises "outstanding technical detail" about iPhone and Apple Mac security. [19659036]
Source link