Apple is smart to enlist hackers and iPhone 7 jailbreakers to secure iOS and macOS
Apple has historically been very guarded and secretive. While this is still true today, the company has definitely become more open after Steve Jobs' death. Quite frankly, the fact that there are now public betas for both iOS and macOS is mind-blowing for the Apple faithful. Last month, the company even launched its first bug bounty program! Why did Apple soften its guarded position? It had to. As the technology market advances, and security becomes a bigger focus, it is not possible to catch all bugs and vulnerabilities in-house.
While the bug bounty and public betas were very wise moves, the company is apparently taking things a step further. According to Forbes, Apple is enlisting iPhone jailbreakers and other hackers (such as Luca Todesco, Nicholas Allegra and Patrick Wardle) to bolster the security of its products using the aforementioned bug bounty program. In fact, it is rumored to be happening at a secret meeting. If true, is the company smart to trust these people?
Many iPhone users like jailbreaking their devices, and yeah, I can understand the appeal. You can make your phone do things that Apple did not intend, including fun customizations. The problem? It makes your iPhone or iPad less secure. Every time an exploit is discovered that allows jailbreaking, or a vulnerability is discovered in macOS, it highlights a bug that Apple missed -- it is embarrassing for the company.
Some bugs and vulnerabilities can be exploited by malware, as we saw last month. While the iPhone is viewed by many as secure, hackers were found to be spying on people. It was quickly patched with iOS 9.3.5, but there is no telling how long the vulnerability had been in the wild. This malware in particular highlights why Apple must do whatever it can to secure its products -- including working with known hackers.
Unfortunately, selling these bugs and exploits to nefarious groups and governments can be quite lucrative -- it is big business. In order for Apple to recruit these people into its program, it has to do one of two things -- outbid other entities that purchase them, or build a relationship with the hackers. If Apple has really invited these people as Forbes claims, it may be trying to do the latter.
Besides the previously mentioned invitees, who else is attending? Forbes says the following.
Forbes believes others who made the cut include noted iPhone and Mac hackers Francisco Alonso, Stefan Esser, Braden Thomas, Pedro Vilaca and Jonathan Zdziarski. Former Apple engineer Alex Ionescu, Steven De Franco (better known in the jailbreak community as ih8sn0w), and a member of the famous Pangu jailbreak crew, Hao Xu, are also amongst the invitees.
Whether or not this secret meeting pays off for Apple remains to be seen. If the maximum the iPhone-maker will pay is $200,000, and other groups (such as Cellebrite) will offer them more, these hackers and jailbreakers may be tempted to cut Apple out. Cash is king, right?
Tim Cook and company may want to consider higher bounty payments, or to take things further, hire these people full time. Yes, I am actually suggesting making these people official Apple employees. With that said, they will need to be vetted, of course. These folks are undoubtedly smart, but their trustworthiness and ability to adapt to the corporate world will need to be proven.
Do you think Apple is wise to work with jailbreakers and hackers or is it playing with fire? Tell me in the comments.