Hackers are taking advantage of “dev-fused” iPhones, meant only for internal usage within Apple, to discover how systems and sensitive components in the smartphone function, with the publicly-unavailable variant now a highly prized tool for security researchers searching for vulnerabilities in the hardware and in iOS.
The Cellebrite Universal Forensic Extraction Device (UFED), an item that may have been created using hacks gleaned from a ‘dev-fused’ iPhone
Researchers hunting down potential exploits and issues with the highly-popular iPhone have, over the last few years, discovered a shortcut to finding out how to look closely at the inner workings of the device, while avoiding all of Apple’s security processes and systems for preventing the public from accessing elements they cannot see. The method is to effectively acquire an internal version of the iPhone that simply does not have the same level of protections as a consumer-released model.
The version, dubbed “dev-fused” and sometimes called a “prototype,” is an iPhone that has not completed the production process or has been reverted to a development state, reports Motherboard. Meant only for use by Apple’s engineers, the units have most of their security functions disabled, more so than typical jailbroken versions, giving those in possession of it an opportunity to look at how the software functions unhindered by its security.
The dev-fused units occasionally surface on the gray market, and can end up selling for thousands of dollars to interested parties. Once acquired, the units can be “rooted” and used to find a hack that could be used on consumer iPhones, and has the potential to be used by governments and law enforcement agencies.
It is claimed by multiple report sources that Cellebrite, a security firm that allegedly aided law enforcement officials as part of the investigation into the San Bernardino shooting, has acquired some dev-fused devices as part of its product development. Hackers who may have been among the first to show off information gleaned via a dev-fused device are also said to be working for Azimuth, another security firm known for producing hacking tools for the US, Canadian, and UK governments.