[jdironman]

I highly doubt they would put those methods in the hands of people working at recycling centers. I feel like if, and that's a big if, they have that kind of capabilities it would be reserved for special case uses. I mean really special case uses.

[derefr]

Keep in mind that "recycling centre" here refers to an intake channel at their own factories; and that the firmware side of the recycling process isn't done by a technician themselves, but by a specialized "sanitizer" unit that the tech plugs the phone into. (Picture a disk degausser, but with a slot for a phone rather than a hard disk. Something heavy enough that you can't simply walk away with one!)

Is it hard to believe that, if iOS devices had a mode "deeper than DFU" that enabled control over the SEP firmware, that such machines would be implemented in terms of that mode?

And I mean, it's not like I'm making this idea up. This sort of "secret hardware-level handshake between recycling/repair machines and production devices, to put said devices back into a lowest-level firmware flashing mode that bypasses all user protections" was discovered to exist on the Nintendo 3DS, and was turned into a permanent jailbreak method for those. It might be an industry-wide practice. (It's hard to tell, because even on a rooted device, you can't just "dump" the ASICs and scan them for a backdoor handshake.)

[mseebach]

A device that can launder stolen phones regardless of security settings is still something to keep in limited circulation, even if you can't pick it up and walk away with it.