Utilizing a small hardware device, hackers are able to brute force hack up to three iPhone 7 or iPhone 7 Plus handsets simultaneously, thanks in large part to an exploit that was discovered in the process by which iOS updates on our devices.
The hacking is demonstrated in the video found below, which was provided courtesy of YouTuber “EverythingApplePro.” The narrator explains how the hack works, specifically outlining a process by which this $500 box takes advantage of the white “press home to recover” screen that iPhones display during an iOS update.
Once users connect the iPhone 7 to a MacBook Pro and reboot the device into DFU mode, an app called 3uTools is used to force the handset (or handsets) into updating without a passcode. Meanwhile, once the box arrives at the aforementioned screen, the brute force attack begins by attempting a new passcode roughly every 10-50 seconds until the handset(s) have been cracked.
Essentially, “They found a loophole in the data recovery state that allows you to use as many passcode attempts as you want,” the YouTuber explains, noting that the iPhone 7 will not lock a user out after the typical ten incorrect attempts; but instead the box will be able to attempt a seemingly infinite number of passcode combinations until the iPhone is hacked. The downside to using the box, supposing you’re even able to get your hands on one, is that the hacking process could take hours or days, depending on the complexity of the iPhone’s passcode. For example, a four-digit passcode would be much easier and take less time to crack than a six-digit or alphanumeric passcode would.
The exploit is apparently exclusive to just the iPhone 7 and iPhone 7 Plus, and will not work even on devices like the iPhone 6s or SE, the narrator notes. Moreover, the exploit will work only on iPhone 7 devices running iOS 10.3.3 or the latest iOS 11 beta.