Apple, A $20,000 iPhone XR And Jailbreaking – Apple’s Secret Code Leaks?
When it comes to leak, Apple hates them more than other companies. The company's late co-founder Steve Jobs was known for this hatred, and his threats to Gizmodo for leaking the iPhone 4s are well recorded. However, in addition to leaks of upcoming iPhones, Apple also has a bigger problem on its hands. The Cupertino based tech giant's smartphones are renowned for their security and as a result, exploits of Apple's hardware and software are worth thousands of dollars. Now, we've got a big report on of the ways researchers and jailbreakers find exploits for Apple's devices. Take a look below for more details.
Dev-Fused iPhones Sell For Up To $20,000 On The Grey Market And Allow Researchers To Discover Exploits And Gain Knowledge Of How Apple's Secure Enclave Works
With innovation getting harder day by day in the flagship market, Apple has increasingly turned to security as a key factor that differentiates all of its gadgets from their competitors. This fact became more prominent after Apple introduced the T2 security chip on the MacBook Pro, and beefed up security on the iPhone XS lineup.
Exploits into the Cupertino tech giant's ecosystem are becoming more precious, and now the good folks over at Motherboard have conducted a thorough investigation on how researchers and hackers gain access into Apple's secure systems.
For the uninitiated, Apple's mobile gadgets work through what's dubbed as the Secure Element. This is a separate portion of silicon on the iPhone XS, XS Max and XR that is responsible for processing deep, hardware-level cryptographic processing. Gaining access to the Secure Enclave at a basic level is impossible if you have what are dubbed as 'Production fused' devices. These devices are what consumers can purchase through Apple or other retailers.
“Prod fused means there’s a specific pin on the board that is ‘blown’ in the production phase. The board checks that pin to see if the device is prod or not,” a former Apple employee who wanted to remain anonymous because he is bound by a non-disclosure agreement, told Motherboard. “If it isn’t, and the firmware is dev version, then certain features are enabled.”
These devices are similar to regular iPhones only in appearance. You can't use them like your everyday iPhone though since the gadgets run using apps available on Switchboard. Switchboard is Apple's app store for employees only, and it features apps such as Reliability, Concierge, Expresso and more. Additionally, these devices also run on a software dubbed SwitchBoard, which is Apple's internal software for debugging.
Connecting the 'Dev-fused' iPhone with a Mac using Apple's proprietary Kanzi cable allows a researcher to gain root access to the smartphone. If the device has a Secure Enclave (first introduced on the iPhone 5s), then you'll be able to gain access to this processor core. The SEP's SEP OS can be accessed by using a command line interface based tool called seputil.
Once the dev-fused iPhone is connected to the Mac with the Kanzi cable, gaining root access to the smartphone requires a simple user log-in and password. Once you enter this, you're free to take a look at nearly all of Apple's security secrets.
The dev-fused iPhones have different prices, depending on the model. According to the investigation, "A dev-fused iPhone 8 Plus costs $5,000, an iPhone XR $20,000, and an older iPhone 6 costs $1,300." Additionally, the smartphones are further categorized according to the level of access they offer the buyer. So an older iPhone with a deeper level of access will be expensive when compared to those unable to offer it.
As to the source of these devices? Most of the time they're from China, where you can buy them for really cheap at the black markets that operate around Apple's manufacturing partners' facilities in Shenzen. In fact, these devices are not limited to the iPhone. A bit of digging around reveals that you can also get units of the iPad and the iPod.
All in all, this isn't something you get to hear about every day and given how Apple's latest iPhones are intent on aggregating services (including financial), any lapse in security carries with it the potential to cause serious loss to the user and to the company's reputation.
Thoughts? Let us know what you think in the comments section below and stay tuned. We'll keep you updated on the latest.