Apple's Beats brand in April unveiled the Powerbeats Pro, a redesigned wire-free version of its popular fitness-oriented Powerbeats earbuds.
Researchers and Hackers Use Rare Dev-Fused Prototype iPhones to Unlock Security Secrets
If you've ever wondered how security researchers and hackers manage to bypass Apple's protections and security features to uncover iPhone vulnerabilities and other sensitive info, Motherboard is out today with a new report that has an answer.
Hackers and security researchers use rare "dev-fused" iPhones created for internal use at Apple. These dev-fused iPhones have not finished the production process and have many security features disabled. Motherboard describes them as "pre-jailbroken devices."
A dev-fused iPhone image shared with Motherboard by collector Giulio Zompetti
Dev-fused iPhones are smuggled out of Apple where they can sell for thousands of dollars on the gray market. These iPhones are incredibly valuable due to the fact that they can be used to locate vulnerabilities able to impact release versions of the iPhone.
A dev-fused iPhone was, for example, used in 2016 to study the Secure Enclave Processor, and security researchers were able to uncover valuable details on how it works. These dev-fused iPhones are stolen property and illegal to possess, but are apparently "widely used" in the iPhone hacking scene.
Dev-fused iPhones are paired with a proprietary Apple cable called Kanzi that can cost upwards of $2,000, that, when plugged into a Mac, provides access to internal Apple software that offers root access to the phone.
Most of these devices seem to be stolen from and smuggled out of factories like Foxconn in China. Apple is apparently "well aware" of the fact that dev-fused devices are available. Apple has "ramped up efforts" to keep these devices from leaving Foxconn and does go after dev-fused iPhone sellers.
Motherboard's full report can be read over on the Motherboard website, and it is a fascinating look at the world of iPhone hacking for anyone who is interested in how iPhone vulnerabilities are uncovered.
Hackers and security researchers use rare "dev-fused" iPhones created for internal use at Apple. These dev-fused iPhones have not finished the production process and have many security features disabled. Motherboard describes them as "pre-jailbroken devices."
Dev-fused iPhones are smuggled out of Apple where they can sell for thousands of dollars on the gray market. These iPhones are incredibly valuable due to the fact that they can be used to locate vulnerabilities able to impact release versions of the iPhone.
On the back of dev-fused iPhones seen by Motherboard, there's a QR-code sticker, a separate barcode, and a decal that says "FOXCONN," referring to the factory that makes iPhones and other Apple products. Otherwise, the phones look like normal iPhones. That standard iPhone experience ends when the phone is turned on. When booted up, you briefly see a command line terminal. And then when it loads, gone are the sleek icons and colorful backgrounds of iOS.Motherboard spent months researching dev-fused iPhones, talking to more than two dozen sources ranging from security researchers and Apple employees to rare phone collectors and jailbreakers, and found that researchers, hackers, and high-profile companies like Cellebrite or GrayKey use these dev-fused iPhones to uncover bugs that can later be exploited by law enforcement agencies.
A dev-fused iPhone was, for example, used in 2016 to study the Secure Enclave Processor, and security researchers were able to uncover valuable details on how it works. These dev-fused iPhones are stolen property and illegal to possess, but are apparently "widely used" in the iPhone hacking scene.
"If you are an attacker, either you go blind or with a few thousand dollars you have all you need," Luca Todesco, one of the most well-known iOS security researchers in the world, told Motherboard, referring to people who buy dev-fused iPhones. "Some people made the second choice."Motherboard was able to find someone on Twitter who sells dev-fused iPhones, with a dev-fused iPhone X priced at around $1,800. The seller said that he's provided dev-fused iPhones to several security researchers and that he believes major security firms that hack iPhones also use them. Other sellers offer dev-fused iPhones at higher prices, and Motherboard found an iPhone XR priced at $20,000.
Dev-fused iPhones are paired with a proprietary Apple cable called Kanzi that can cost upwards of $2,000, that, when plugged into a Mac, provides access to internal Apple software that offers root access to the phone.
Most of these devices seem to be stolen from and smuggled out of factories like Foxconn in China. Apple is apparently "well aware" of the fact that dev-fused devices are available. Apple has "ramped up efforts" to keep these devices from leaving Foxconn and does go after dev-fused iPhone sellers.
Motherboard's full report can be read over on the Motherboard website, and it is a fascinating look at the world of iPhone hacking for anyone who is interested in how iPhone vulnerabilities are uncovered.
Tags: cybersecurity, Apple security
[ 57 comments ]
Top Rated Comments
(View all)
25 weeks ago
Oh, I've been there, man! Long nights spent hacking away at devices on top of my… alligator leather covered table.
25 weeks ago
IP as a concept, as it exists today, was made up out of thin air by Oracle and Microsoft in the early 1990s as was way to lock out competitors. It's why we have the rediculous oligopoly situation today that let's Apple charge $1500 for a $500 piece of hardware.
Most of you grew up in the absurd situation we have today, so you think it's normal.
It is not. If you explained "IP" to a programmer in those days they would have laughed. Open Source grew out of programmers, who were appalled at the growing IP machine, to try to head it off before it took over everything.
That movement has more or less failed now. The machine won.
IP is anti-competitive, anti-capitalist BS that Congress is supposed to protect us from. Instead Congress sucks up money from companies like Apple, funding their lavish lifestyles, while average people continue to be screwed.
I found Richard Stalman's account!
25 weeks ago
Soo many adapters in that picture.
That's the standard setup for connecting an iPhone to a MacBook Pro these days, isn't it?!
25 weeks ago
As long as Apple continues to be cheap and build their iPhones in a country that condones IP theft, expect this to continue...
25 weeks ago
Hopefully someday a good completely open source (software and hardware) phone will come to market and we can leave all the proprietary bullpoo behind as a bad memory.
25 weeks ago
So there are backdoors. I am guessing that because it's called "Dev-fused" that there is a hardware fuse that when blown during provisioning removes the ability of the phone to be used this way. That means that the restriction is by-passable.
The $2000 cable just means that encrypted communications is also required and the cable contains the encryption hardware and/or keys. So much for Apple's pie the eye security. Still better than the competitors, but not much challenge for the NSA.
I don't think "development units without security measures installed" are equal to "retail devices with backdoors installed".
25 weeks ago
Sometimes I forget how big Apple really has become. The kind of problems Apple faces, few companies need to face.
25 weeks ago
Hopefully Tim Cook will check macrumors today and notice he’s got a leak in his ship. Maybe he’ll “double down on” making sure these devices don’t get misplaced so easily.
How much do you think Tim knows that you don't know about?
25 weeks ago
Hopefully Tim Cook will check macrumors today and notice he’s got a leak in his ship. Maybe he’ll “double down on” making sure these devices don’t get misplaced so easily.
[ Read All Comments ]
Netflix is testing a human curated discovery feature on iOS called "Collections" that surfaces TV shows and movies the user might be interested to watch (via TechCrunch).
Collections in...
Following a couple of weeks of trickling out early invitations, Apple this week launched Apple Card for all U.S. customers, offering broad access to the new digital and physical credit card issued in...
For this week's giveaway, we've teamed up with Vessel to offer MacRumors readers a chance to win a Signature 2.0 Backpack.
Vessel makes all kinds of backpacks, briefcases, and bags, but...
Discounts on the latest iMacs remain ongoing this month, with Amazon and B&H Photo now offering a new all-time-low price on the 27-inch Retina iMac with 8GB RAM and a 1TB Fusion Drive. This model...
Google and Apple calendars are not playing friendly right now.
As alerted to us by multiple MacRumors readers, there appears to be a syncing issue with Google Calendar and Apple's...
Apple Music today launched a new curated playlist called "New Music Daily," which as the name suggests, is updated every day with fresh songs.
Made up of "new music you simply...
Taylor Swift revealed today on Instagram that she will be the next partner in Apple's "Music Lab" sessions, which are available in Apple retail stores.
The Music Lab session will...
Satechi today announced the Type-C Dual Multimedia Adapter, which plugs into two of the MacBook Pro's USB-C ports to offer a handful of add-on ports.
In total, this includes: one 4K HDMI...
