Researchers and Hackers Use Rare Dev-Fused Prototype iPhones to Unlock Security Secrets

If you've ever wondered how security researchers and hackers manage to bypass Apple's protections and security features to uncover iPhone vulnerabilities and other sensitive info, Motherboard is out today with a new report that has an answer.

Hackers and security researchers use rare "dev-fused" iPhones created for internal use at Apple. These dev-fused iPhones have not finished the production process and have many security features disabled. Motherboard describes them as "pre-jailbroken devices."

devfusediphone

A dev-fused ‌iPhone‌ image shared with Motherboard by collector Giulio Zompetti

Dev-fused iPhones are smuggled out of Apple where they can sell for thousands of dollars on the gray market. These iPhones are incredibly valuable due to the fact that they can be used to locate vulnerabilities able to impact release versions of the ‌iPhone‌.

On the back of dev-fused iPhones seen by Motherboard, there's a QR-code sticker, a separate barcode, and a decal that says "FOXCONN," referring to the factory that makes iPhones and other Apple products. Otherwise, the phones look like normal iPhones. That standard iPhone experience ends when the phone is turned on. When booted up, you briefly see a command line terminal. And then when it loads, gone are the sleek icons and colorful backgrounds of iOS.

Motherboard spent months researching dev-fused iPhones, talking to more than two dozen sources ranging from security researchers and Apple employees to rare phone collectors and jailbreakers, and found that researchers, hackers, and high-profile companies like Cellebrite or GrayKey use these dev-fused iPhones to uncover bugs that can later be exploited by law enforcement agencies.

A dev-fused ‌iPhone‌ was, for example, used in 2016 to study the Secure Enclave Processor, and security researchers were able to uncover valuable details on how it works. These dev-fused iPhones are stolen property and illegal to possess, but are apparently "widely used" in the ‌iPhone‌ hacking scene.

"If you are an attacker, either you go blind or with a few thousand dollars you have all you need," Luca Todesco, one of the most well-known iOS security researchers in the world, told Motherboard, referring to people who buy dev-fused iPhones. "Some people made the second choice."

Motherboard was able to find someone on Twitter who sells dev-fused iPhones, with a dev-fused ‌iPhone‌ X priced at around $1,800. The seller said that he's provided dev-fused iPhones to several security researchers and that he believes major security firms that hack iPhones also use them. Other sellers offer dev-fused iPhones at higher prices, and Motherboard found an ‌iPhone‌ XR priced at $20,000.

Dev-fused iPhones are paired with a proprietary Apple cable called Kanzi that can cost upwards of $2,000, that, when plugged into a Mac, provides access to internal Apple software that offers root access to the phone.

Most of these devices seem to be stolen from and smuggled out of factories like Foxconn in China. Apple is apparently "well aware" of the fact that dev-fused devices are available. Apple has "ramped up efforts" to keep these devices from leaving Foxconn and does go after dev-fused ‌iPhone‌ sellers.

Motherboard's full report can be read over on the Motherboard website, and it is a fascinating look at the world of ‌iPhone‌ hacking for anyone who is interested in how ‌iPhone‌ vulnerabilities are uncovered.

Popular Stories

ios 18 button bulge

iOS 18 Adds Pop-Out Bezel Animation When Pressing iPhone Buttons

Tuesday June 11, 2024 10:40 am PDT by
iOS 18 includes a small but interesting change for the buttons on the iPhone, adding more of a visual element when changing volume, activating the Action button, or locking the screen. When you press an iPhone button in iOS 18, the display bezel bulges outward slightly. This feature is available for the volume buttons, Action button and the power button, and it will also likely be used for...
iOS 18 Mock iPhone 16 Feature Gray

Revealed: iOS 18 Works With These iPhone Models

Monday June 10, 2024 3:57 am PDT by
iOS 18 will be compatible with the same iPhone models as iOS 17, according to a post on X today from a private account with a proven track record of sharing build numbers for upcoming iOS updates. iOS 18 will be compatible with the iPhone XR, and hence also the iPhone XS and iPhone XS Max models with the same A12 Bionic chip, but older iPhone models will miss out. Here is the full...
Next Gen CarPlay WWDC24 1

Apple Provides Updated Look at Next-Generation CarPlay at WWDC 2024

Monday June 10, 2024 7:11 pm PDT by
Apple today shared a few WWDC 2024 coding sessions related to its upcoming next-generation CarPlay system ahead of its launch later this year. The sessions include lots of updated next-generation CarPlay images, with one revealing new Vehicle, Media, and Climate apps in action for the first time. MacRumors previously discovered evidence of these apps in the iOS 17.4 beta. Next-generation...
ios 18 tile summary

Apple Announces iOS 18 With New Customization Features, Redesigned Photos App, and More

Monday June 10, 2024 10:17 am PDT by
Apple today previewed iOS 18, the next major update to the operating system for the iPhone, with new customization features, a redesigned Photos app, and more. iOS 18 features new customization tools for the Home Screen. App icons now feature Dark Mode and users can tint them with a color to create a unique look. Apps can also now be placed anywhere on the Home Screen freely. The Control...
sequoia

macOS Sequoia and iPadOS 18 Drop Support for These Macs and iPads

Monday June 10, 2024 4:13 pm PDT by
macOS Sequoia is still compatible with several Intel-based Macs, but it does drop support for 2018 and 2019 models of the MacBook Air. macOS Sequoia is compatible with the following Macs, according to Apple: MacBook Pro: 2018 and later MacBook Air: 2020 and later Mac mini: 2018 and later iMac: 2019 and later iMac Pro: 2017 Mac Studio: 2022 and later Mac Pro: 2019 and later The...
maxresdefault

Everything Apple Announced at WWDC 2024 in Nine Minutes

Monday June 10, 2024 7:59 pm PDT by
Apple crammed an overwhelming number of new features into its WWDC 2024 keynote event, introducing Apple Intelligence, iOS 18, iPadOS 18, macOS Sequoia, visionOS 2, watchOS 11, and tvOS 18. It was hard to keep up with everything that Apple highlighted, so we did a video of all of the new additions you won't want to miss. Subscribe to the MacRumors YouTube channel for more videos. We've also...
iOS 18 Siri Integrated Feature

Massive iPhone Upgrade Coming This Week But These Devices Will Miss Out

Sunday June 9, 2024 1:25 pm PDT by
Apple is planning a major AI overhaul in iOS 18, with a feature set it is referring to as "Apple Intelligence." However, these new features will not work on older iPhones, even if they do appear on the new operating system's device compatibility list. Apple's initial AI roadmap for iOS 18 is said to come in two parts: Basic AI features that will be processed on-device, and more advanced...

Top Rated Comments

AngerDanger Avatar
69 months ago


Oh, I've been there, man! Long nights spent hacking away at devices on top of my… alligator leather covered table.
Score: 26 Votes (Like | Disagree)
7thson Avatar
69 months ago
What's gray about selling stolen property?
Score: 11 Votes (Like | Disagree)
m4mario Avatar
69 months ago
Sometimes I forget how big Apple really has become. The kind of problems Apple faces, few companies need to face.
Score: 4 Votes (Like | Disagree)
tzm41 Avatar
69 months ago
So there are backdoors. I am guessing that because it's called "Dev-fused" that there is a hardware fuse that when blown during provisioning removes the ability of the phone to be used this way. That means that the restriction is by-passable.

The $2000 cable just means that encrypted communications is also required and the cable contains the encryption hardware and/or keys. So much for Apple's pie the eye security. Still better than the competitors, but not much challenge for the NSA.
I don't think "development units without security measures installed" are equal to "retail devices with backdoors installed".
Score: 4 Votes (Like | Disagree)
Aston441 Avatar
69 months ago
Hopefully someday a good completely open source (software and hardware) phone will come to market and we can leave all the proprietary bullpoo behind as a bad memory.
Score: 4 Votes (Like | Disagree)
magbarn Avatar
69 months ago
As long as Apple continues to be cheap and build their iPhones in a country that condones IP theft, expect this to continue...
Score: 4 Votes (Like | Disagree)