If you thought the brute force based unlocking methods were a thing of the past, then think again. Youtuber EverythingApplePro has revealed a new hack that can allow anyone with a specially made device to unlock an iPhone 7 and iPhone 7 Plus. The alarming thing about this hack is that it works not only on iOS 10 all the way up to iOS 10.3.3 but also on iOS 11 beta.
Update: Apple has confirmed to TechCrunch that this bug has been fixed in iOS 11 beta 4 and will not be present when iOS 11 is released publicly next month.
The device we are talking about costs $500, so you can rest assured that not everyone is going to have access to it. But if you lose your device to someone who is up to date on current hacks or if you are worried police and law enforcement getting into your iPhone without permission, then you are out of luck.
The hack involves updating the device using a third-party update tool to downgrade iOS software. For the hack to work the update has to go through a third-party app and not iTunes. So you can be updating from iOS 10.2 to iOS 10.3.3 or downgrading iOS 11 beta to iOS 10.3.3 for this to work. Once the operating system has been installed iPhone asks user to enter passcode before it will start data recovery. The loophole is that at this particular passcode screen iOS does not limit number of passcode attempts as it normally does on the lockscreen.
So while after 5 failed lockscreen passcode attempts an iPhone will get locked, iOS will not enforce the lock on the data recovery screen. This allows the brute force gadget to perform unlimited attempts of entering all possible passcode combinataions before figuring out the right one.
The $500 gadget shown by the Youtuber seems quite advanced as it is capable of brute forcing up to 3 different iPhones at once. When the device figures out the passcode it displays it on its screen so person in possession of someone else’s iPhone can use it to completely unlock the device.
Interesting thing about this hack is that it will not only unlock the device but will also keep the iPhone owner’s data safe. So it can be exploited by the person who unlocked the device.
We are sure Apple will take steps in closing this vulnerability in the upcoming updates however if you want to stay on the safe side you can at the very least use 6-digit passcode on your iPhone or even better use custom text based passcode, so it will take much longer (weeks to months) for hackers to gain access to your device.