Apple and its chief executive Tim Apple have been focusing on user privacy and security to differentiate their products from the competition. The iPhones are among the most secure smartphones available to consumers, but hackers always seem to find exploits in Apple’s secure systems. According to a months-long investigation conducted by Motherboard, hackers and security researchers have been using stolen prototype iPhones to look into Apple’s most sensitive code. But how do they get their hands on the prototypes?
Apple, were you aware of this?
Apple’s smartphones feature a Secure Enclave Processor (SEP) for deep, hardware-level cryptographic processing to keep your data secure. If you have the consumer version (also called ‘production fused’ version) of an iPhone, it’s nearly impossible for you to gain access to the Secure Enclave Processor.
But the prototype iPhones (also called ‘Dev-fused’ devices) have many security features disabled. Hackers and security researchers who manage to get their hands on the dev-fused iPhones could easily look in Apple’s security code and expose vulnerabilities on the SEP, which was designed to keep your iPhone safe.
Very few people have heard of the dev-fused iPhones because they are not intended to leave Apple’s production pipeline. However, Motherboard found that these prototype iPhones are sold in the gray market. They have become “one of the most important tools for the best iOS hackers in the world.” Back in 2016, security researcher Matthew Solnik had used the dev-fused iPhones to extract and study the Secure Enclave Processor (SEP) software.
The ‘dev-fused’ prototype iPhones are created for internal use at Apple, but they are also ending up in the unintended hands. According to Motherboard, these are the devices that haven’t finished the production process or have been reverted to the development state, and they have most of the security features disabled. So, researchers can easily obtain root access.
The prototype iPhones are sold by smugglers and middlemen for thousands of dollars to hackers and security researchers, who study the devices to develop a hack for the consumer version of iPhones that hundreds of millions of people use. The dev-fused devices are also used by high-profile firms that provide security services to law enforcement agencies and governments. Back in 2016, the FBI paid $1 million to an unknown firm to unlock a San Bernardino shooter’s iPhone.
How much do the prototype iPhones cost?
Depending on the model, the dev-fused iPhones could cost up to $20,000 in the Chinese gray market. A dev-fused iPhone 6 costs $1,300, an iPhone 8 Plus sells for as high as $5,000, an iPhone X can be had for just $1,800, while the iPhone XR costs $20,000. You can also buy the dev-fused iPads and iPods in the Chinese gray market.
The dev-fused iPhones look similar to the consumer version but they are unlike the consumer iPhone. They run the SwitchBoard software, which is Apple’s internal software for debugging. The devices can run only apps available on SwitchBoard. Hackers have to connect the prototype iPhones to a Mac using Apple’s Kanzi cable to gain root access to the phone. They can also access the Secure Enclave Processor (SEP) core.
The revelation could be a big blow to Apple because it will not only affect consumers but also its reputation. The Cupertino company has been focusing on services such as iCloud, Apple Music, Apple Pay, and the upcoming TV service. And Apple charges ridiculously high fees for its services. Its services business has an eye-popping gross margin of 63%.
Motherboard’s report comes at a time when Apple has partnered with Goldman Sachs to launch a credit card. According to the Wall Street Journal, the credit card will focus on Apple Pay and offer deep integration with iOS. It is expected to launch by the end of this year. Goldman Sachs is said to be investing $200 million to build the IT infrastructure and the support team to handle transactions.