A little black box makes it easy to unlock almost any iPhone even when it's secured with your fingerprint
The International Business Times reports that for just £120, anyone on the internet can buy specialist hardware that lets them hack into even the newest iPhones.
Here's how it works:
The main device used is called an IP-BOX. It works by "bruteforcing" iPhone passcodes, repeatedly guessing the password until it finds the right one.
iPhones are designed to defend against bruteforce attacks. Its software automatically limits the number of guesses you have, and it's also possible to change the phone's settings to delete its contents after 10 failed guesses of its password. But the IP-BOX can break through all of that protection. It doesn't matter if you use iPhone's Touch ID fingerprint security - because even if you have Touch ID on, your phone can still be unlocked with your passcode alone.
The IP-BOX gets around software limitations by connecting directly to the phone's hardware.
There's one lead that goes from the IP-BOX and into the iPhone's internal workings. It connects directly to the battery, and cuts the power when it detects that a wrong password was entered. That means that it can quickly shut off the phone before the phone realises that someone is trying to hack into it.
The IP-BOX is then free to start guessing passwords. It knows whether passwords are right or wrong because it comes with a light sensor that attaches to the screen of the iPhone. That sensor monitors the levels of light coming out of the phone screen, and detects changes. If it notices a change, that means the screen has been unlocked, and the password was correct.
This photo shows the IP-BOX in action. The orange numbers on the box show the passcode that it's trying to enter:
It's easy to buy an IP-BOX. Websites sell them online for less than £120. There aren't any checks on who the buyer is, either. It doesn't matter whether you're a hacker intending to blackmail someone with their photos, or a legitimate smartphone repair shop owner, anyone can buy an IP-BOX.
In fact, you can pick one up on eBay.
When an IP-BOX is connected to an iPhone, it tries every passcode, from 0000 through to 9999. That could take over 100 hours, but it's a surefire way of getting into the phone.
But there are limits to how much an IP box can actually do. First of all, if your phone is protected by a passcode longer than four numbers then it can't bruteforce the code. iPhones come with an option to expand the password field out beyond numbers to full words, creating more complex passwords that can't be broken using devices like an IP-BOX.
The IP-BOX also struggles with Apple's 8.1.1 iOS update to its mobile operating system. That update patched a flaw that let devices like IP-BOXs hack into phones. But not every iPhone has been updated, and any iPhone 4 or older can't be updated to that release, leaving it vulnerable.
To use an IP-BOX on an iPhone running iOS 8, you have to buy a special adaptor chip.
The £49.99 adaptor chip is just as easy to buy online as an IP-BOX:
- I spent $2,000 for 7 nights in a 179-square-foot room on one of the world's largest cruise ships. Take a look inside my cabin.
- Saudi Arabia wants China to help fund its struggling $500 billion Neom megaproject. Investors may not be too excited.
- One of the world's only 5-star airlines seems to be considering asking business-class passengers to bring their own cutlery
- From terrace to table: 8 Edible plants you can grow in your home
- India fourth largest military spender globally in 2023: SIPRI report
- New study forecasts high chance of record-breaking heat and humidity in India in the coming months
- Gold plunges ₹1,450 to ₹72,200, silver prices dive by ₹2,300
- Strong domestic demand supporting India's growth: Morgan Stanley