Join JAAGNet and Group

SIgn up for JAAGNet & the Telco/5G Group its FREE!!

 

Member Benefits:
_____________________

 

Again signing up for JAAGNet & Group Membership is FREE and will only take a few moments!

Here are some of the benefits of Signing Up:

  • Ability to join and comment on all the JAAGNet Domain communities.
  • Ability to Blog on all the Domain communities 
  • Visibility to more pages and content at a group community level, such as Community, Internet, Social and Team Domain Community Feeds.
  • Make this your only content hub and distribute your blogs to LinkedIn, Reddit, Facebook, Twitter, WhatsApp, Messenger, Xing, Skype, WordPress Blogs, Pinterest, Email Apps and many, many more (100+) social network and feed sites. 
  • Opportunity to collaborate (soon to be  released) with various JAAGNet Business communities and other JAAGNet Network members.
  • Connect (become friends), Follow (and be Followed) and Network with JAAGNet members with similar interests.
  • Your Content will automatically be distributed on Domain and JAAGNet Community Feeds. Which are widely distributed by the JAAGNet team.

Join Us!

Gold Level Contributor

Apple to issue hackable iPhones

Apple to issue hackable iPhones
Credit: Unsplash/CC0 Public Domain

Apple announced this week that it will begin shipping out specially configured Security Research Device iPhones to researchers so that they can probe for vulnerabilities without interference from standard iPhone security walls.

This marks the first time Apple has released such research models that grant specialists virtually unlimited operating system permissions to run their own programs, custom commands and code. The iPhones will come with debugging tools and allow access root shell code.

Apple first announced plans at last year's Black Hat security conference to release modified iPhones to make it simpler for researchers to probe for vulnerabilities.

Security specialists currently have to rely on jailbreaks or third party emulators to study security issues. But those approaches have limitations. According to Apple, results achieved on jailbroken phones are not reliable because of the inherent differences between a legitimate model and a hacked one. Also, Apple notes, most jailbreaks work only older phones and older iOS versions.

At least in part in recognition of those obstacles, Apple is taking this step to work more closely with researchers.

"Security researchers have already proved to be rather successful at uncovering flaws in both iOS proper and security and privacy issues in third-party apps," Patrick Wardle, an Apple security researcher at the enterprise management firm Jamf, told Wired magazine. "Armed with these new devices, they are likely only going to find more. Being able to audit and analyze third-party apps more easily on modern devices running the latest version of iOS would be lovely. It's ultimately a big win for Apple's users and Apple itself."

Apple is accepting applications for the new program from researchers with established records of security research. Applicants must be account holders in the Apple Developer Program. The phones will be loaned to researchers and renewals must be made yearly.

The program will work alongside Apple's bug bounty program, which was expanded to all researchers last year. Researchers uncovering vulnerabilities can earn up to $1 million from Apple plus bonuses of up to 50 percent depending on the potential severity of the problems they find.

Restrictions will be placed on program participants. The phones cannot be used for personal calls. Vulnerabilities uncovered by researchers cannot be revealed to the public until Apple gives permission, presumably after patches are designed.

Some security groups are concerned about the secrecy provisions. One expert explained his concern about the possibility of a significant flaw that remains uncorrected being kept from the public. Will Strafach, CEO of mobile security company Guardian and an iOS security researcher, said he favors public disclosure of security problems as a means of pressuring sometimes recalcitrant companies from acting. Because of Apple's restrictions on disclosure, he said his company would not apply for the program.

And Ben Hawkes of Google's security research team Project Zero said his group, too, will decline participation for the same reasons. "We'll continue to research Apple platforms and provide Apple with all of our findings, because we think that's the right thing to do for user security. But I'll confess, I'm pretty disappointed," he said.

Originally published by
Peter Grad | July 23, 2020
TechXplore

E-mail me when people leave their comments –

You need to be a member of JAAGNet to add comments!

Join JAAGNet

JAAGNet Telco/5G Feed

JAAGNet Telco/5G Community Events

JAAGNet Telco/5G Blog Archive

See Original | Powered by elink

JAAGNet Channel Telco/5G Playlist