Researchers and Hackers Use Rare Dev-Fused Prototype iPhones to Unlock Security Secrets

If you've ever wondered how security researchers and hackers manage to bypass Apple's protections and security features to uncover iPhone vulnerabilities and other sensitive info, Motherboard is out today with a new report that has an answer.

Hackers and security researchers use rare "dev-fused" iPhones created for internal use at Apple. These dev-fused iPhones have not finished the production process and have many security features disabled. Motherboard describes them as "pre-jailbroken devices."

devfusediphone

A dev-fused ‌iPhone‌ image shared with Motherboard by collector Giulio Zompetti

Dev-fused iPhones are smuggled out of Apple where they can sell for thousands of dollars on the gray market. These iPhones are incredibly valuable due to the fact that they can be used to locate vulnerabilities able to impact release versions of the ‌iPhone‌.

On the back of dev-fused iPhones seen by Motherboard, there's a QR-code sticker, a separate barcode, and a decal that says "FOXCONN," referring to the factory that makes iPhones and other Apple products. Otherwise, the phones look like normal iPhones. That standard iPhone experience ends when the phone is turned on. When booted up, you briefly see a command line terminal. And then when it loads, gone are the sleek icons and colorful backgrounds of iOS.

Motherboard spent months researching dev-fused iPhones, talking to more than two dozen sources ranging from security researchers and Apple employees to rare phone collectors and jailbreakers, and found that researchers, hackers, and high-profile companies like Cellebrite or GrayKey use these dev-fused iPhones to uncover bugs that can later be exploited by law enforcement agencies.

A dev-fused ‌iPhone‌ was, for example, used in 2016 to study the Secure Enclave Processor, and security researchers were able to uncover valuable details on how it works. These dev-fused iPhones are stolen property and illegal to possess, but are apparently "widely used" in the ‌iPhone‌ hacking scene.

"If you are an attacker, either you go blind or with a few thousand dollars you have all you need," Luca Todesco, one of the most well-known iOS security researchers in the world, told Motherboard, referring to people who buy dev-fused iPhones. "Some people made the second choice."

Motherboard was able to find someone on Twitter who sells dev-fused iPhones, with a dev-fused ‌iPhone‌ X priced at around $1,800. The seller said that he's provided dev-fused iPhones to several security researchers and that he believes major security firms that hack iPhones also use them. Other sellers offer dev-fused iPhones at higher prices, and Motherboard found an ‌iPhone‌ XR priced at $20,000.

Dev-fused iPhones are paired with a proprietary Apple cable called Kanzi that can cost upwards of $2,000, that, when plugged into a Mac, provides access to internal Apple software that offers root access to the phone.

Most of these devices seem to be stolen from and smuggled out of factories like Foxconn in China. Apple is apparently "well aware" of the fact that dev-fused devices are available. Apple has "ramped up efforts" to keep these devices from leaving Foxconn and does go after dev-fused ‌iPhone‌ sellers.

Motherboard's full report can be read over on the Motherboard website, and it is a fascinating look at the world of ‌iPhone‌ hacking for anyone who is interested in how ‌iPhone‌ vulnerabilities are uncovered.

Top Rated Comments

AngerDanger Avatar
43 months ago


Oh, I've been there, man! Long nights spent hacking away at devices on top of my… alligator leather covered table.
Score: 26 Votes (Like | Disagree)
7thson Avatar
43 months ago
What's gray about selling stolen property?
Score: 11 Votes (Like | Disagree)
m4mario Avatar
43 months ago
Sometimes I forget how big Apple really has become. The kind of problems Apple faces, few companies need to face.
Score: 4 Votes (Like | Disagree)
tzm41 Avatar
43 months ago
So there are backdoors. I am guessing that because it's called "Dev-fused" that there is a hardware fuse that when blown during provisioning removes the ability of the phone to be used this way. That means that the restriction is by-passable.

The $2000 cable just means that encrypted communications is also required and the cable contains the encryption hardware and/or keys. So much for Apple's pie the eye security. Still better than the competitors, but not much challenge for the NSA.
I don't think "development units without security measures installed" are equal to "retail devices with backdoors installed".
Score: 4 Votes (Like | Disagree)
Aston441 Avatar
43 months ago
Hopefully someday a good completely open source (software and hardware) phone will come to market and we can leave all the proprietary bullpoo behind as a bad memory.
Score: 4 Votes (Like | Disagree)
magbarn Avatar
43 months ago
As long as Apple continues to be cheap and build their iPhones in a country that condones IP theft, expect this to continue...
Score: 4 Votes (Like | Disagree)

Popular Stories

widgets ios 16 feature

Gurman: iPhone 14 Pro to Feature Always-On Display Showing iOS 16's New Lock Screen Widgets

Sunday June 26, 2022 7:36 am PDT by
iPhone 14 Pro models are widely expected to feature always-on displays that allow users to view glanceable information without having to tap to wake the screen. In the latest edition of his Power On newsletter for Bloomberg, Mark Gurman said the feature will include support for iOS 16's new Lock screen widgets for weather, fitness, and more. "Like the Apple Watch, the iPhone 14 Pro will be...
maxresdefault

M2 13-Inch MacBook Pro With 256GB SSD Appears Slower Than Equivalent M1 in Real-World Speed Tests

Monday June 27, 2022 1:57 pm PDT by
Benchmark testing has indicated that the 256GB variant of the 13-inch MacBook Pro with M2 chip offers slower SSD performance than its M1 equivalent, and now real-world stress testing by YouTuber Max Yuryev of Max Tech suggests that the 256GB SSD in the 13-inch MacBook Pro is also underperforming in day-to day-usage. The M2 MacBook Pro with 256GB SSD and 8GB RAM was slower than the M1 MacBook ...
13 inch macbook pro m2 mock feature 2

Base 13-Inch MacBook Pro With M2 Chip Has Significantly Slower SSD Speeds

Sunday June 26, 2022 2:52 pm PDT by
Following the launch of Apple's new 13-inch MacBook Pro with the M2 chip, it has been discovered that the $1,299 base model with 256GB of storage has significantly slower SSD read/write speeds compared to the equivalent previous-generation model. YouTube channels such as Max Tech and Created Tech tested the 256GB model with Blackmagic's Disk Speed Test app and found that the SSD's read and...
m2 mac mini screen feature

Gurman: Apple Planning M2 Pro Mac Mini, New Apple TV With A14 Chip, Revamped HomePod With S8 Chip, and More

Sunday June 26, 2022 6:31 am PDT by
In the latest edition of his Power On newsletter for Bloomberg, Mark Gurman outlined additional M2 Macs on Apple's product roadmap, including new Mac mini models with M2 and M2 Pro chips, new 14-inch and 16-inch MacBook Pro models with M2 Pro and M2 Max chips, and a new Mac Pro tower with M2 Ultra and "M2 Extreme" chips. Following the M2 series of Macs, Gurman said the first M3 series of...
M2 Pro and Max Feature

Apple's Upcoming M2 Pro Chip for High-End MacBook Pro and Mac Mini Will Reportedly Be 3nm

Monday June 27, 2022 7:31 am PDT by
TSMC will manufacture Apple's upcoming "M2 Pro" and "M3" chips based on its 3nm process, according to Taiwanese industry publication DigiTimes. "Apple reportedly has booked TSMC capacity for its upcoming 3nm M3 and M2 Pro processors," said DigiTimes, in a report focused on competition between chipmakers like TSMC and Samsung to secure 3nm chip orders. As expected, the report said TSMC will...
iPhone 11 Pro vs iPhone 14 Pro

iPhone 11 Pro vs. 14 Pro: New Features to Expect if You've Waited to Upgrade

Monday June 27, 2022 11:22 am PDT by
With many customers choosing to upgrade their iPhone every two or three years nowadays, there are lots of iPhone 11 Pro users who might be interested in upgrading to the iPhone 14 Pro later this year. Those people are in for a treat, as three years of iPhone generations equals a long list of new features and changes to look forward to. Below, we've put together a list of new features and...
tesla carplay hack

Tesla Apple CarPlay Hack Updated to Work With Any Tesla Model

Monday June 27, 2022 3:38 am PDT by
Polish developer Michał Gapiński has released a new and improved version of his "Tesla Android Project" which brings Apple's CarPlay experience to more Tesla vehicles than ever before. According to Gapiński, version 2022.25.1 provides "100% functional CarPlay integration for any Tesla," and comes with several new features and bug fixes. The project now supports DRM video playback so that...
2022 back to school apple

Apple Launches 2022 Back to School Offer: Up to $150 Gift Card With Mac or iPad

Friday June 24, 2022 5:08 am PDT by
Apple today launched its annual "Back to School" promotion for college/university students in the United States and Canada. This year's promotion offers a free Apple gift card with the purchase of an eligible Mac or iPad, rather than free AirPods like last year. Apple is also offering students 20% off AppleCare+ plans during the promotion. Apple is offering a $150 gift card with the purchase ...