There’s a special type of iPhone with little to no security features. And for security researchers and hackers, these special iPhones are a goldmine.
They’re called “dev-fused” iPhones, according to an in-depth investigative Motherboard report. Essentially, they are devices that haven’t finished the production process or are otherwise in a development state. The publication describes them as “pre-jailbroken devices.”
As you might imagine, these devices are not meant for the public. In fact, they’re strictly mean for internal usage at Apple. But they can be a treasure trove for hackers and other security specialists who can get their hands on them.
That’s because these dev-fused iPhones have most of their security features disabled. As such, they can be used to find zero-day iPhone vulnerabilities. And Motherboard has learned that there’s a thriving gray market for these types of devices.
While dev-fused iPhones are rare, Motherboard’s investigation found that they do make their way onto the gray market — often for thousands of dollars. Motherboard was able to find a Twitter user selling a dev-fused iPhone for $1,800.
Many of the devices, which were never meant to leave Apple’s production pipeline, are smuggled out of the supply chain and resold.
For example, the dev-fused iPhones that Motherboard saw during its investigation have Foxconn decals and other production markings. Other than the supply chain labels, they look like normal iPhones until they are booted up.
“You briefly see a command line terminal. And then when it loads, gone are the sleek icons and colorful backgrounds of iOS,” Motherboard wrote.
But even then, these devices are relatively useless unless they are paired with another piece of Apple hardware: a proprietary USB cable called Kanzi. These cables, which can sell for up to $2,000, allow hackers to gain root access to a device’s firmware and software.
These dev-fused devices are stolen property and are therefore illegal to possess. But Motherboard reports that they’re actually “widely used” by both malicious hackers and security researchers.
Security researchers and black hat hackers have used dev-fused iPhones to uncover vulnerabilities and exploits. One of these devices was used to study Apple’s Secure Enclave processor, leading them to discover some interesting details about its inner workings.
Notably, some high-profile hacking firms, like Cellebrite and Grayshift, have also used the rare iPhones to develop their own iPhone hacking tools. These iPhone hacking tools are, ostensibly, meant for law enforcement use only. But another recent report revealed that they can often find their way into the wrong hands.
Apple, for its part, is “well aware” of this gray market and has “ramped up efforts” to keep dev-fused iPhones out of the public’s reach. The company also constantly works to patch security vulnerabilities that allow access to iOS and its other operating systems.
But as long as dev-fused iPhones are smuggled out of factories in Apple’s supply chain, there will likely always be new vulnerabilities for hackers to exploit.