The Prototype iPhones That Hackers Use To Research Apple's Most Sensitive Code 16
Hackers and security researchers use rare "dev-fused" iPhones created for internal use at Apple to bypass Apple's protections and security features to uncover iPhone vulnerabilities and other sensitive info, Motherboard reported Wednesday, citing two dozen security researchers, current and former Apple employees, rare phone collectors, and members of the iPhone jailbreaking community. From the report: These rare iPhones have many security features disabled, allowing researchers to probe them much more easily than the iPhones you can buy at a store. Since the Black Hat talk, dev-fused iPhones have become a tool that security researchers around the world use to find previously unknown iPhone vulnerabilities (known as zero days), Motherboard has learned. Dev-fused iPhones were never intended to escape Apple's production pipeline have made their way to the gray market, where smugglers and middlemen sell them for thousands of dollars to hackers and security researchers. Using the information gleaned from probing a dev-fused device, researchers can sometimes parlay what they've learned into developing a hack for the normal iPhones hundreds of millions of people own.
End of the article claims Apple doesn't benefit (Score:5, Interesting)
I disagree with the conclusion, they claim Apple does not benefit...
But Apple does, by having a lot of people unveil bugs they might never have found themselves.
Yes it can lead to a few exploits, but in the long run probably fewer than there would have been were Apple successful in never having dev devices stolen.
It sure seems like there are a lot of severe countermeasures Apple could take related to these devices, if they cared seriously about them being taken.
Re: (Score:2)
Keeping these devices under wraps is actually detrimental, as you put them out of reach of legitimate white hat security researchers.
As a result, the only people acquiring these devices and performing research on them will be well funded blackhat groups like organised crime and government agencies who will keep any exploits they find for their own use.