Hype Before the Pre-Launch – Botters Take Notice

Apple’s world of spatial computing has arrived. Almost.

Earlier this month, Apple announced the Vision Pro will be available for sale in the U.S. beginning Friday, February 2, at all U.S. Apple Store locations and U.S. Apple Store online. Pre-orders for Apple Vision Pro began on Friday, January 19, at 5 am PST.

It is estimated that anywhere between 60,000 to 180,000 devices were manufactured for the launch. Despite a price tag starting at $3,499, the device sold out quickly. With more than 135 million iPhone users in the U.S. it seems reasonable that the surge of early adopter demand from within Apple’s loyal fanbase outpaced supply.

Days before the pre-order event, people wanting to be one of the first to experience this new device could purchase a “confirmed pre-order” Vision Pro 256GB on secondary marketplaces for up to $5,999 – more than a 70% markup:

 

Apple Vision Pro for sale on reselling sites

Confirmed pre-orders were sold on eBay for up to $5,999 in advance of the January 19th pre-order.

 

Over the past month, Kasada has observed chatter within the botting communities about their interest in the Apple Vision Pro in anticipation of one of the biggest scalping opportunities for 2024. Interest included developers updating modules within their existing bots (or adding support for Apple), including service providers offering AIO bots (all-in-one bots) for purchase to those willing to pay for it. 

Kasada researchers uncovered the factors that made the Apple Vision Pro an attractive prospect for bots:

  • Expected Demand vs. Supply: the anticipated demand far exceeded the limited supply, creating a lucrative opportunity for resellers.
  • High Markup: With a sizable markup of thousands per unit, bots saw the potential for substantial profit.
  • Flexible Return Policy: A 14-day return policy minimized risks for scalpers, providing an avenue to liquidate inventory.


Face ID to Stop the Bots?

One of the unique attributes related to the pre-order, not associated with iPhone 15 Pro Max or other Apple products, was the requirement for both a Face ID and Apple ID to purchase the Vision Pro. While the Face ID was deemed a necessary requirement to make sure the light seal and headbands were of the proper fit – there was also speculation it could be a means to fight scalpers.

Kasada researchers were ready to observe whether bots could automate against the Pro Vision checkout process and how they would handle the Face ID requirements.

 

Pre-Order Day Findings – January 19, 2024

Not surprising, the Apple Vision Pro sold-out almost immediately for those seeking online ordering and delivery. Those available for in-store pickup took a little longer before being sold-out.

Kasada threat research identified notable botting activities during the pre-sale whereby several thousand were found to be purchased successfully by bots. Our key findings include:

(1) Face ID was not used to deter bots.

Face ID was not used primarily to stop bots (or multiple purchases), it appears as though it was more about the fit. Below is an example of a bot available for use that simply hardcoded the developer’s face scan value. Of course, those who use this bot as-is would be subject to purchasing the same size as what had been hardcoded. Note how the bot continuously checks for restocks when additional inventory suddenly becomes available.

A screenshot of a message from a bot operator explaining who they bypassed Apple Face ID security check

(2) Apple ID restriction did not limit quantity.

Bots were able to circumvent the Apple ID restriction purchase limits. Kasada has found one bot was used to successfully check out 1,592 Vision Pro pre-orders, when used within an entire community. Some individuals within this community claimed to have obtained more than one device for themselves. This might have been accomplished by successfully obtaining newly generated or aged Apple accounts in advance of the event. At $2,500 above MSRP, this one bot would represent about a $4 million profit, assuming the entire inventory is resold.

Also, some botting groups added store stock tracking, so users could search stock based on geography and go in-store to do the head scan using one of their devices and checkout. A user could easily create another Apple ID if asked and repeat it at another Apple store. From the messages seen so far, they are doing this more in metropolitan areas since Apple is more likely to have multiple stores and higher stock in such areas.

A screen showing a bot successfully pre-ordering apple vision pro goggles.

At the current time, resale value varies depending on size. Those with the largest light seals are currently up for sale at the highest markup, with a price of $9,000 for a U.S. Small Band, 33W Light Seal according to StockX.

A picture of an Apple Vision Pro for sale on reselling site StockX.


While thousands of Vision Pro devices were purchased in aggregate using bots, the high MSRP and custom sizing resulted in what appears to be many users obtaining a small quantity with their bots. As opposed to other hype drops where a small number of bot operators and communities are able to secure larger quantities of inventory. Kasada will continue to monitor botting activity for the Apple Vision Pro as there’s little doubt that these will be targets for scalpers into the foreseeable future.

 

Free KasadaIQ Snapshot – See What We See

Kasada monitors over 2,000 unique collection sources to mine the most comprehensive intelligence from millions of data points from unconventional sources. Request a free KasadaIQ snapshot to see what we see with a free personalized assessment summarizing how bots are targeting your business.

Want to learn more?

  • Why CAPTCHAs Are Not the Future of Bot Detection

    I’m not a robot” tests are definitely getting harder. But does that mean more complex CAPTCHAs are the right path forward to outsmart advancing AI and adversarial technologies?

  • The New Mandate for Bot Detection – Ensuring Data Authenticity

    Can the data collected by an anti-bot system be trusted? Kasada's latest platform enhancements include securing the authenticity of web traffic data.

Beat the bots without bothering your customers — see how.