A unique new exploit is said to take advantage of just Apple’s iPhone 7 and iPhone 7 Plus running recent firmware, utilizing a small device to brute force hack and bypass the iOS lock screen passcode of up to three handsets at a time.
The hack was demonstrated on video by YouTuber “EverythingApplePro,” who noted that the exploit does not work on older devices like an iPhone 6s or iPhone SE.
In addition, it’s specific to iOS 10.3.3 or the latest iOS 11 beta.
The hardware is sandwiched between two panes of glass, and features three full-size USB ports to attempt to crack three iPhone 7 units at a time.
It also has a micro USB port and even an Apple Lightning port that can be used to power the hardware.
As for how it works, the hack apparently takes advantage of the update process in iOS.
If you remember the FBI paid millions of dollars to Israeli firm Cellebrite to unlock San Bernardino gunman’s iPhone.
Now, it turns out that a $500 device that can recover passcodes of not one or two but three iPhone 7 at the same time.
Believe it or not but this American YouTuber has posted a video showing a device just the size of a phone retrieving the iPhone passcode in a jiffy.
Called the iPhone Unlocker, the device has been produced in China, and the YouTuber probably bought it online. Wondering how it performs this humongous task?
It doesn’t bypass passcode, but the device enters the passcodes in sequence such as 0000, 0001, etc. it is worth noting that the device can try out passwords on at least three iPhones simultaneously. The process continues until the correct password is retrieved.
The phone’s reaction to the entered passcode serves as an indicator of passcode’s accuracy. The code is noted from the device and entered into the phone when the lock screen is displayed.
However, the trick seems unreal because let’s face the fact; it is The iPhone… It is seemingly impossible to retrieve the correct passcode by continually trying out different combinations just because the phone doesn’t allow too many wrong guesses. So how does it happen with the device?
The video explains about it as well. It says that there are certain situations such as halfway through a firmware update when it is possible to try out passwords because the phone won’t get locked after multiple wrong guesses. Believably the device exploits similar situations to keep on entering a series of numbers.
However, the trick isn’t as easy to pull off as you might be thinking because there are salient conditions without which the method won’t work. For instance, it is important that you have recently changed your password. TechCrunch explains that the password must be changed at the last minute if you want to make unending guesses. Secondly, forcing the phone to run a firmware update is important to create a situation that would allow entering of passwords. Thirdly, the password must be brief.
The device will try six passwords in a minute, and this means the guessing rate is much slower (twenty times slower according to TechCrunch) if you changed your password about ten minutes, ago.
The video shows that three iPhones were cracked within 12 minutes but it was evident that the phones were deliberately configured with similar passcodes, that is, 0015, 0016 and 0012.
The device started guessing the passcode from 0000 so guessing the correct passcode wasn’t a big deal. Let’s assume that you have a 6-digit password and you haven’t changed your password in past few minutes then the gizmo trick is useless as it will keep entering codes for as long as ten years.
The reason is that every extra digit will slow down the guessing time by a factor of 10.
So, a seven digit password will take a few decades to be retrieved.
This means, even someone steals your iPhone, this device trick will only work if your password is short and belongs to the list of easy-to-guess codes such as 123456, 5683 or 111111.
Remember that the method works only on some models of iPhone 6 and 6s while it is fully compatible on iPhone 7 and 7 Plus. However, we do know that the flaw will soon be eliminated in the upcoming iOS 11.
The device manufacturer is advertising the product quite fiercely instead of promoting it discreetly primarily because it eventually will become worthless after the shipping of iOS 11.
But still, users need to stay cautious. Always keep your phone close to you if you have changed your password and select a lengthy passcode (6 digits long password is the current average, so we suggest you select longer than that). Most importantly, upgrade to iOS 11 immediately after it comes out.
Watch the demonstration below: