Slashdot Mirror


The Prototype iPhones That Hackers Use To Research Apple's Most Sensitive Code

Hackers and security researchers use rare "dev-fused" iPhones created for internal use at Apple to bypass Apple's protections and security features to uncover iPhone vulnerabilities and other sensitive info, Motherboard reported Wednesday, citing two dozen security researchers, current and former Apple employees, rare phone collectors, and members of the iPhone jailbreaking community. From the report: These rare iPhones have many security features disabled, allowing researchers to probe them much more easily than the iPhones you can buy at a store. Since the Black Hat talk, dev-fused iPhones have become a tool that security researchers around the world use to find previously unknown iPhone vulnerabilities (known as zero days), Motherboard has learned. Dev-fused iPhones that were never intended to escape Apple's production pipeline have made their way to the gray market, where smugglers and middlemen sell them for thousands of dollars to hackers and security researchers. Using the information gleaned from probing a dev-fused device, researchers can sometimes parlay what they've learned into developing a hack for the normal iPhones hundreds of millions of people own.

16 comments

  1. They made physical debug skeleton keys by Anonymous Coward · · Score: 0

    ... and they let them get away. That's got to suck.

  2. End of the article claims Apple doesn't benefit by SuperKendall · · Score: 4, Interesting

    I disagree with the conclusion, they claim Apple does not benefit...

    But Apple does, by having a lot of people unveil bugs they might never have found themselves.

    Yes it can lead to a few exploits, but in the long run probably fewer than there would have been were Apple successful in never having dev devices stolen.

    It sure seems like there are a lot of severe countermeasures Apple could take related to these devices, if they cared seriously about them being taken.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:End of the article claims Apple doesn't benefit by Anonymous Coward · · Score: 0

      They do take extreme measures, they track and securely destroy virtually all prototypes. Although the sheer volume (5000+ a build per product) and the China escape point make it difficult to catch them all. The article brings me back to my Apple days. The special cables and dev fused means you could remotely GDB the kernel! So amazing to solve problems.

    2. Re:End of the article claims Apple doesn't benefit by Bert64 · · Score: 1

      Keeping these devices under wraps is actually detrimental, as you put them out of reach of legitimate white hat security researchers.
      As a result, the only people acquiring these devices and performing research on them will be well funded blackhat groups like organised crime and government agencies who will keep any exploits they find for their own use.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  3. It's hackers! Hacking! With hacks! by Anonymous Coward · · Score: 0

    Ah, the daily msmash spree of bullshit articles from bullshit sources. It's like this editor really is incapable of doing any better.

  4. Propaganda fangirl Kendall doesn't see the problem by Anonymous Coward · · Score: 0

    Well, security issue closed, Kendall doesn't see it. I guess story over. /s

  5. Re: End of the article claims Apple doesn't benefi by Anonymous Coward · · Score: 0

    Bumbling and bungling so-called security researchers never miss an opportunity to be sloppy. A real bunch of characters you got in that there Dev-fused arena.

  6. What did you say your security credentials were? by Anonymous Coward · · Score: 0

    Kendall you get caught making shit up on an hourly basis on this site. On what basis are you evaluating this and presenting your hand-in-ass opine? You don't know anything about this.

  7. Blackberry had them as well by Anonymous Coward · · Score: 0

    Interesting. I used to work for RIM and we had these 'unsecured' phones as well. Most test phones needed remote authentication to use specific commands (PKI + RIM employee account), but some tests require uninterrupted communications, and that's where these phones come in.

    The unsecured phones themselves have many of the securities disabled, and you can mess with anything from the baseband firmwares to load a completely new unsigned OS on them (also fun things like send direct bitmap commands to the LCD, flash buttons, sounds, camera, etc.)

    Obviously these phones were *a big deal*. You needed to have a very good reason to request one, and they require constant monitoring of their whereabouts. 1 time out of the blue a man in a trench coat (think 50s UFO FBI agent) literally appeared in our office and demanded the whereabouts of one such phone. When we couldn't find it (as it fried and we discarded it), he went thru every supply cabinet/drawer in our office.

    What I want to say is, I am very surprised Apple doesn't do the same thing.

  8. Re: End of the article claims Apple doesn't benefi by Anonymous Coward · · Score: 0

    Kendall is illiterate, stop making fun of her. She's sensitive, excessive fecklessness and video games have made her bones weaker than her tinfoil arguments. Kendall basically has no bones or rigid components whatsoever.

  9. Re: What did you say your security credentials wer by Anonymous Coward · · Score: 0

    Kendall slaves away over a hot stove all day and never even has to correct his idiotic posts after hours. Must be too busy eating Bon bons and passing out drunk on the kitchen table. What a loser you're gonna die a fiery death alone

  10. Bill Joy's Law of management by Anonymous Coward · · Score: 0

    > But Apple does, by having a lot of people unveil bugs they might never have found themselves.

    Joy's Law (by Bill Joy, co-founder of Sun Microsystems): no matter who you are, most of the smartest people work for someone else.

    * https://en.wikipedia.org/wiki/Joy%27s_law_(management)

  11. SO thousands of dollars by Anonymous Coward · · Score: 0

    Seems cheap given the real phone is almost thousands of dollars. I was expecting hundreds of thousands for such a desirable prototype.

  12. Re: End of the article claims Apple doesn't benefi by Anonymous Coward · · Score: 0

    They do "benefit" from bugs found...

    But they lose more from reputation damage that they're problem / virus free (at least from the masses)

  13. How much? by Anonymous Coward · · Score: 0

    >where smugglers and middlemen sell them for thousands of dollars to hackers and security researchers

    So basically, list price then.

  14. Can you actually reset those fuses? by Anonymous Coward · · Score: 0

    What level of effort do you need? Some sort of microscopic soldering or are we talking about electron microscopes?