Hackers Used “Prototype” iPhones to Study Apple’s Secure Enclave Processor

Back in 2016, security researcher Mathew Solnik and his team were able to extract and study the iPhone’s sensitive Secure Enclave Processor (SEP) software using what are now called “dev-fused” iPhones or pre-jailbroken devices, that are created exclusively for internal use at Apple, Motherboard has learned.

Dev-fused iPhones, which are sometimes called “prototypes” in the security research industry, are essentially phones that have not finished the production process or have been reverted to a development state. Since these iPhones have many security features disabled, they allow researchers to probe them much more easily than the retail devices.

The source spoke to dozens of sources, including security researchers, current and former Apple employees, in a months-long investigation which has revealed that these dev-fused iPhones not only helped Solnik’s team research Apple’s most sensitive code but have now become one of the most important tools for the best iOS hackers in the world:

Dev-fused iPhones that were never intended to escape Apple’s production pipeline have made their way to the gray market, where smugglers and middlemen sell them for thousands of dollars to hackers and security researchers. Using the information gleaned from probing a dev-fused device, researchers can sometimes parlay what they’ve learned into developing a hack for the normal iPhones hundreds of millions of people own.

Prototype iPhones are also used by some of the highest-profile companies that research and hack iOS to find valuable bugs that may later be exploited by governments and law enforcement agencies.