By Heather Hamilton, contributing writer
Despite the iPhone’s reputation for being utterly impenetrable, a homebrewed $500 device proves that it can crack the four-digit pin on any iPhone 7 thanks to a firmware exploit. Earlier this month, YouTube broadcaster EverythingApplePro recorded a video in which he demonstrates the devices in action, simultaneously cracking three device passcodes at once.
The tool exploits a data recovery state in the phones that allow users to enter passwords without fear of reaching a problematic threshold. A user could theoretically enter codes forever.
iPhone 7s and 7+ running iOS between 10.3.3 and 11 Beta are at risk, reports EverythingApplePro. If your phone is running an older version, a potential attacker would need only to import firmware, which typically requires a passcode. The device utilizes software that simply skips this step.
Potentially, the device may need a few days to retrieve your passcode, though simpler ones are more quickly and easily discovered. The brute-force tool consists of silicon boards, a processor, a micro-USB to power the device, buttons, another micro-USB, and a lightning port that can also be used for power. Everything is sandwiched between two plates of glass.
Apple Insider points out that the hardware includes light sensors to ensure that the iPhone display stays turned on as the hack takes place.
According to the video, the vulnerability lies in the screen before the update completing itself wherein a user can access data recovery, which isn’t limited in passcode attempts. By plugging in up to three devices and identifying everything you might know about a user’s passcode (if you know what number it begins with or if it is four or six digits, for example), you can have the passcode in as little as a few minutes. After you’ve adjusted the device settings, it begins to cycle through codes beginning with 000 and going up to 999.
Initially, the device takes around 50 seconds to try out a code, but this speeds up as the device covers more ground. Once the code has been identified, the device freezes it, allowing the user to enter it into the iPhone, where they simply enter it, finish the update, and access the phone.
The Next Web points out that, given Apple’s refusal to provide the process to unlock the iPhone during the San Bernadino case, it is “truly wild to consider that someone is selling a $500 solution to a problem that the FBI ended up wasting millions on.”
Hacking the passcode cannot bypass iCloud, and EverythingApplePro assures viewers that Apple is typically quick to respond with a patch. And even then, TechCrunch emphasizes the impractical nature of device — if you haven’t changed your passcode recently and it is six digits, it could take up to 19 years to crack it.
Sources: EverythingApplePro,Apple Insider,The Next Web,TechCrunch
Image Source: Pixabay
Advertisement
Learn more about Electronic Products Magazine
