Researchers and Hackers Use Rare Dev-Fused Prototype iPhones to Unlock Security Secrets

If you've ever wondered how security researchers and hackers manage to bypass Apple's protections and security features to uncover iPhone vulnerabilities and other sensitive info, Motherboard is out today with a new report that has an answer.

Hackers and security researchers use rare "dev-fused" iPhones created for internal use at Apple. These dev-fused iPhones have not finished the production process and have many security features disabled. Motherboard describes them as "pre-jailbroken devices."

A dev-fused ‌iPhone‌ image shared with Motherboard by collector Giulio Zompetti

Dev-fused iPhones are smuggled out of Apple where they can sell for thousands of dollars on the gray market. These iPhones are incredibly valuable due to the fact that they can be used to locate vulnerabilities able to impact release versions of the ‌iPhone‌.

On the back of dev-fused iPhones seen by Motherboard, there's a QR-code sticker, a separate barcode, and a decal that says "FOXCONN," referring to the factory that makes iPhones and other Apple products. Otherwise, the phones look like normal iPhones. That standard ‌iPhone‌ experience ends when the phone is turned on. When booted up, you briefly see a command line terminal. And then when it loads, gone are the sleek icons and colorful backgrounds of iOS.

Motherboard spent months researching dev-fused iPhones, talking to more than two dozen sources ranging from security researchers and Apple employees to rare phone collectors and jailbreakers, and found that researchers, hackers, and high-profile companies like Cellebrite or GrayKey use these dev-fused iPhones to uncover bugs that can later be exploited by law enforcement agencies.

A dev-fused ‌iPhone‌ was, for example, used in 2016 to study the Secure Enclave Processor, and security researchers were able to uncover valuable details on how it works. These dev-fused iPhones are stolen property and illegal to possess, but are apparently "widely used" in the ‌iPhone‌ hacking scene.

"If you are an attacker, either you go blind or with a few thousand dollars you have all you need," Luca Todesco, one of the most well-known iOS security researchers in the world, told Motherboard, referring to people who buy dev-fused iPhones. "Some people made the second choice."

Motherboard was able to find someone on Twitter who sells dev-fused iPhones, with a dev-fused ‌iPhone‌ X priced at around $1,800. The seller said that he's provided dev-fused iPhones to several security researchers and that he believes major security firms that hack iPhones also use them. Other sellers offer dev-fused iPhones at higher prices, and Motherboard found an iPhone XR priced at $20,000.

Dev-fused iPhones are paired with a proprietary Apple cable called Kanzi that can cost upwards of $2,000, that, when plugged into a Mac, provides access to internal Apple software that offers root access to the phone.

Most of these devices seem to be stolen from and smuggled out of factories like Foxconn in China. Apple is apparently "well aware" of the fact that dev-fused devices are available. Apple has "ramped up efforts" to keep these devices from leaving Foxconn and does go after dev-fused ‌iPhone‌ sellers.

Motherboard's full report can be read over on the Motherboard website, and it is a fascinating look at the world of ‌iPhone‌ hacking for anyone who is interested in how ‌iPhone‌ vulnerabilities are uncovered.

Top Rated Comments

(View all)
Avatar
22 months ago


Oh, I've been there, man! Long nights spent hacking away at devices on top of my… alligator leather covered table.
Score: 26 Votes (Like | Disagree)
Avatar
22 months ago
What's gray about selling stolen property?
Score: 11 Votes (Like | Disagree)
Avatar
22 months ago
Sometimes I forget how big Apple really has become. The kind of problems Apple faces, few companies need to face.
Score: 4 Votes (Like | Disagree)
Avatar
22 months ago

So there are backdoors. I am guessing that because it's called "Dev-fused" that there is a hardware fuse that when blown during provisioning removes the ability of the phone to be used this way. That means that the restriction is by-passable.

The $2000 cable just means that encrypted communications is also required and the cable contains the encryption hardware and/or keys. So much for Apple's pie the eye security. Still better than the competitors, but not much challenge for the NSA.

I don't think "development units without security measures installed" are equal to "retail devices with backdoors installed".
Score: 4 Votes (Like | Disagree)
Avatar
22 months ago
Hopefully someday a good completely open source (software and hardware) phone will come to market and we can leave all the proprietary bullpoo behind as a bad memory.
Score: 4 Votes (Like | Disagree)
Avatar
22 months ago
As long as Apple continues to be cheap and build their iPhones in a country that condones IP theft, expect this to continue...
Score: 4 Votes (Like | Disagree)

Top Stories

First iPhone 12 Mini Hands-On Video Surfaces [Update: Video Pulled]

Wednesday October 28, 2020 1:21 pm PDT by
Apple's iPhone 12 mini and the iPhone 12 Pro Max aren't set to be available until November 13, but a Romanian YouTuber got his hands on the iPhone 12 mini and showed it off today, offering a size comparison between the iPhone 12 and the 12 mini along with going over some of the device's features. The iPhone 12 mini is identical to the iPhone 12 in design and functionality, but it has a...

Apple References Unreleased 2020 16-Inch MacBook Pro in Boot Camp Update

Monday October 26, 2020 8:42 am PDT by
Last week, Apple released an update for Boot Camp, its utility for running Windows on a Mac. While this update would typically be unremarkable, several of our readers noticed that the release notes reference an unreleased 2020 model of the 16-inch MacBook Pro. While this could easily be a mistake, the 16-inch MacBook Pro is nearly a year old, so it is certainly a worthy candidate for a...

After Mocking Apple, Samsung May Remove Power Adapter From Galaxy S21 Box

Tuesday October 27, 2020 4:29 pm PDT by
Samsung's Galaxy S21, coming in 2021, may not include a power adapter or headphones in the box, according to reports from Korean media sites highlighted by SamMobile. Rumors earlier this year also said that Samsung was considering removing these accessories from future smartphone models, but that didn't stop Samsung from mocking Apple for selling the iPhone 12 models without a power adapter...

Report: Apple Silicon iMac Featuring Desktop Class 'A14T' Chip Coming First Half of 2021

Tuesday October 27, 2020 4:14 am PDT by
The first iMac powered by Apple Silicon is set to arrive in the first half of next year and will feature a desktop class "A14T" chip, according to Chinese-language newspaper The China Times. Codenamed "Mt. Jade," Apple's first custom-made desktop processor will be twinned with its first self-developed GPU, codenamed "Lifuka," both of which are being produced using TSMC's 5-nanometer process, ...

iPhone 12 Ceramic Shield Still 'Scratches at Level 6 With Deeper Grooves at Level 7' in Mohs Hardness Test

Wednesday October 28, 2020 7:10 am PDT by
iPhone 12 and iPhone 12 Pro models feature a new Ceramic Shield front cover that is "tougher than any smartphone glass," according to Apple, but the displays on the devices still have similar scratch resistance as previous iPhones based on a new test. Zack Nelson today shared his much-anticipated iPhone 12 Pro durability test on his YouTube channel JerryRigEverything, and based on the Mohs...

2020 iPad Air vs. iPad Pro: Hands-On Comparison

Tuesday October 27, 2020 3:03 pm PDT by
Apple announced the new 2020 fourth-generation iPad Air in September, but the new tablets just started shipping out to customers last Friday. We picked one up and thought we'd do a hands-on comparison with the iPad Pro, which was last updated in March, because both tablets are about as powerful and share many similarities. Subscribe to the MacRumors YouTube channel for more videos. Design and ...

MagSafe Charger Only Charges at Full 15W Speeds With Apple's 20W Power Adapter [Updated]

Monday October 26, 2020 3:38 pm PDT by
Alongside the iPhone 12 and 12 Pro models, Apple introduced a new MagSafe charger that attaches to the magnetic ring in the back of the devices, providing up to 15W of charging power, which is double the speed of the 7.5W Qi-based wireless charging maximum. Apple does not provide a power adapter with the $39 MagSafe charger, requiring users to supply their own USB-C compatible option. Apple...

Apple Files Mystery 'Personal Computer' With Placeholder 'B2002' Name in Bluetooth Product Database

Tuesday October 27, 2020 12:36 pm PDT by
Last week, a listing appeared in the Bluetooth product database for an Apple product with a placeholder name "B2002" and a model number of "TBD." MacRumors was alerted to the listing by health and fitness tech website MyHealthyApple. The product is filed under the "personal computer" category, which Apple has used for previous Mac and iPad listings in the database, so it is hard to pinpoint...

Apple Releases First macOS Big Sur 11.0.1 Beta to Developers [Update: Public Beta Available]

Wednesday October 28, 2020 10:15 am PDT by
Apple today seeded a new macOS Big Sur 11.0.1 beta to developers for testing purposes, with the new beta replacing the existing macOS Big Sur 11 beta 10 update that was released two weeks ago. The macOS Big Sur beta can be downloaded through the Apple Developer Center and once the appropriate profile is installed, subsequent betas will be available through the Software Update mechanism in...

iPhone 12 Models Might Support Reverse Charging of Future Apple Accessories According to FCC Filing

Tuesday October 27, 2020 6:25 pm PDT by
iPhone 12 models could have an inactive wireless charging feature for accessories, according to an FCC filing discovered by VentureBeat's Jeremy Horwitz. In the filing, Apple said that 2020 iPhones support a wireless charging function that will seemingly be enabled for at least one future Apple accessory:In addition to being able to be charged by a desktop WPT charger (puck), 2020 iPhones...