Researchers and Hackers Use Rare Dev-Fused Prototype iPhones to Unlock Security Secrets

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Mar 6, 2019.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    If you've ever wondered how security researchers and hackers manage to bypass Apple's protections and security features to uncover iPhone vulnerabilities and other sensitive info, Motherboard is out today with a new report that has an answer.

    Hackers and security researchers use rare "dev-fused" iPhones created for internal use at Apple. These dev-fused iPhones have not finished the production process and have many security features disabled. Motherboard describes them as "pre-jailbroken devices."

    [​IMG]
    A dev-fused iPhone image shared with Motherboard by collector Giulio Zompetti​

    Dev-fused iPhones are smuggled out of Apple where they can sell for thousands of dollars on the gray market. These iPhones are incredibly valuable due to the fact that they can be used to locate vulnerabilities able to impact release versions of the iPhone.
    Motherboard spent months researching dev-fused iPhones, talking to more than two dozen sources ranging from security researchers and Apple employees to rare phone collectors and jailbreakers, and found that researchers, hackers, and high-profile companies like Cellebrite or GrayKey use these dev-fused iPhones to uncover bugs that can later be exploited by law enforcement agencies.

    A dev-fused iPhone was, for example, used in 2016 to study the Secure Enclave Processor, and security researchers were able to uncover valuable details on how it works. These dev-fused iPhones are stolen property and illegal to possess, but are apparently "widely used" in the iPhone hacking scene.
    Motherboard was able to find someone on Twitter who sells dev-fused iPhones, with a dev-fused iPhone X priced at around $1,800. The seller said that he's provided dev-fused iPhones to several security researchers and that he believes major security firms that hack iPhones also use them. Other sellers offer dev-fused iPhones at higher prices, and Motherboard found an iPhone XR priced at $20,000.

    Dev-fused iPhones are paired with a proprietary Apple cable called Kanzi that can cost upwards of $2,000, that, when plugged into a Mac, provides access to internal Apple software that offers root access to the phone.

    Most of these devices seem to be stolen from and smuggled out of factories like Foxconn in China. Apple is apparently "well aware" of the fact that dev-fused devices are available. Apple has "ramped up efforts" to keep these devices from leaving Foxconn and does go after dev-fused iPhone sellers.

    Motherboard's full report can be read over on the Motherboard website, and it is a fascinating look at the world of iPhone hacking for anyone who is interested in how iPhone vulnerabilities are uncovered.

    Article Link: Researchers and Hackers Use Rare Dev-Fused Prototype iPhones to Unlock Security Secrets
     
  2. AngerDanger, Mar 6, 2019
    Last edited: Mar 6, 2019

    AngerDanger macrumors 601

    AngerDanger

    Joined:
    Dec 9, 2008
    #2
    [​IMG]

    Oh, I've been there, man! Long nights spent hacking away at devices on top of my… alligator leather covered table.​
     
  3. Frign macrumors regular

    Joined:
    Aug 19, 2011
    #3
    Very interesting! I'm always amazed how far security researchers go to uncover vulnerabilities and examine software despite the manufacturer taking strong measures to ensure that this is not possible. Apple should in my opinion allow research like that on a broader scale, as anything else would be simply security by obscurity.

    Thankfully, iOS has a bug bounty program, but macOS doesn't. This should change.
     
  4. m4mario macrumors regular

    m4mario

    Joined:
    May 10, 2017
    Location:
    San Francisco Bay Area
    #5
    Sometimes I forget how big Apple really has become. The kind of problems Apple faces, few companies need to face.
     
  5. audiophilosophy macrumors member

    Joined:
    Sep 13, 2017
    Location:
    New Orleans
    #6
    Hopefully Tim Cook will check macrumors today and notice he’s got a leak in his ship. Maybe he’ll “double down on” making sure these devices don’t get misplaced so easily.
     
  6. 7thson macrumors 6502a

    7thson

    Joined:
    May 13, 2012
    Location:
    Six Rivers, CA
  7. AppleMad98004 macrumors 6502

    Joined:
    Aug 23, 2011
    Location:
    Cylde Hill, WA
    #8
    Why? It not in the interest of users to have vulnerable phones. This is a good fight. We need this to find vulnerabilities and privacy violations that Apple missed. Whether on purpose or by accident.
     
  8. nt5672 macrumors 68000

    Joined:
    Jun 30, 2007
    #9
    So there are backdoors. I am guessing that because it's called "Dev-fused" that there is a hardware fuse that when blown during provisioning removes the ability of the phone to be used this way. That means that the restriction is by-passable.

    The $2000 cable just means that encrypted communications is also required and the cable contains the encryption hardware and/or keys. So much for Apple's pie the eye security. Still better than the competitors, but not much challenge for the NSA.
     
  9. Aston441 macrumors 65816

    Joined:
    Sep 16, 2014
    #10
    Hopefully someday a good completely open source (software and hardware) phone will come to market and we can leave all the proprietary bullpoo behind as a bad memory.
     
  10. magbarn macrumors 68000

    Joined:
    Oct 25, 2008
    #11
    As long as Apple continues to be cheap and build their iPhones in a country that condones IP theft, expect this to continue...
     
  11. bandalay macrumors regular

    bandalay

    Joined:
    Apr 19, 2010
    Location:
    Canada
    #12
    From the article above…

    "Apple is apparently "well aware" of the fact that dev-fused devices are available. Apple has "ramped up efforts" to keep these devices from leaving Foxconn and does go after dev-fused iPhone sellers."
     
  12. Baymowe335 macrumors 601

    Joined:
    Oct 6, 2017
    #13
    How much do you think Tim knows that you don't know about?
     
  13. Aston441 macrumors 65816

    Joined:
    Sep 16, 2014
    #14

    IP as a concept, as it exists today, was made up out of thin air by Oracle and Microsoft in the early 1990s as was way to lock out competitors. It's why we have the rediculous oligopoly situation today that let's Apple charge $1500 for a $500 piece of hardware.

    Most of you grew up in the absurd situation we have today, so you think it's normal.

    It is not. If you explained "IP" to a programmer in those days they would have laughed. Open Source grew out of programmers, who were appalled at the growing IP machine, to try to head it off before it took over everything.

    That movement has more or less failed now. The machine won.

    IP is anti-competitive, anti-capitalist BS that Congress is supposed to protect us from. Instead Congress sucks up money from companies like Apple, funding their lavish lifestyles, while average people continue to be screwed.
     
  14. budselectjr macrumors 6502a

    Joined:
    Oct 6, 2009
    Location:
    Minnesota
    #15
    it's the scientific community man

    -Steve Zissou
     
  15. The Captain macrumors regular

    Joined:
    Oct 14, 2008
  16. lunarworks macrumors 68000

    Joined:
    Jun 17, 2003
    Location:
    Toronto, Canada
    #17
    Yes, and we'll be syncing them with RISC-V laptops powered by GNU/Hurd.
     
  17. Marcus PM macrumors regular

    Marcus PM

    Joined:
    Aug 9, 2011
    #18
    That's quite a christmas tree they've got going there.
     
  18. kemal macrumors 65816

    kemal

    Joined:
    Dec 21, 2001
    Location:
    Nebraska
    #19
    What will that $2000 cable do to a regular iPhone?
     
  19. TheShadowKnows! macrumors 6502a

    TheShadowKnows!

    Joined:
    Sep 30, 2014
    Location:
    National Capital Region
    #20
    After reading the Motherboard article, my thoughts:

    Chinese Intelligent Service rejoicing: Winning!

    And Cook's supply-chain management: Genius!
    A genius that has traded a decade-long, manufacturing advantage for a permanent loss of Apple's intellectual property.

    Hail to the Genius!
     
  20. 7thson macrumors 6502a

    7thson

    Joined:
    May 13, 2012
    Location:
    Six Rivers, CA
    #21
    I need to rewatch that. It didn't connect the first time, but I just watched Isle of Dogs and I really liked it.
     
  21. Schizoid macrumors 6502a

    Schizoid

    Joined:
    May 29, 2008
    Location:
    UK
    #22
    I spotted one of these recently, Initially i just thought it was a phone in diagnostic mode, but the whacky cabling drew my attention...
     
  22. bollman macrumors 6502

    Joined:
    Sep 25, 2001
    Location:
    Lund, Sweden
    #23
    Well, there is the Ubuntu Touch OS. I actually one of their first 2500 devices. I kinda liked it, and even contributed with Swedish localization to some apps.
    Canonical left it for dead, but it seems like it's going again: https://ubports.com
     
  23. tzm41 macrumors regular

    tzm41

    Joined:
    Jul 11, 2014
    Location:
    Boston
    #24
    I don't think "development units without security measures installed" are equal to "retail devices with backdoors installed".
     
  24. Kelly the Dude macrumors member

    Joined:
    Jun 1, 2008
    #25
    So glad somebody noticed that.
     

Share This Page

57 March 6, 2019