iPhones They are safe. Of course, no electronic device is totally immune to attack, but considering the entire universe of widely used computers, tablets, and smartphones today, it wouldn't be too whimsical to say that iOS devices can certainly be named the safest of them all, even. by the closed nature of the system. So much so that has even bandit for refusing to steal iPhone.
Even so, the device highlighted above draws much more attention than if it were intended for any other platform. More precisely: the YouTube channel EverythingApplePro, which already figured here in on some other occasions (1, 2), managed to get his hands on a small gadget which costs no less than $ 500 and promises decipher the numeric password from any locked iPhone 7 or 7 Plus. And guess what, apparently, the pet really works.
Physically, the device is the face of illegality: two green glass rectangles serve as bread in a sandwich of electronic components beyond obscure; a low resolution screen serves to give the results of the English search; Colored wires connect light sensors (more on them below) to the device while the three USB ports are used so that up to three (!) iPhones can be deciphered at the same time.
The process for obtaining the handset code is not at all simple, and much less fast. Firstly, the device really only works, for some reason, with the iPhone 7 or 7 Plus; In addition, the device needs to be in the middle of the system upgrade process can be an upgrade from any version of iOS 10 to iOS 10.3.3, from iOS 10.3.3 to any iOS 11 beta or even a downgrade from iOS 11 to 10.3.3.
It is precisely this process that the device takes advantage of: when iOS is updated and the device displays the white screen with the message “press the start button to restore”, the system does not have a password retry limit (usually only five ); that is, the handset can spend hours, or even days, trying every possible combination without being disturbed until the code is found. The sensors do this: they stick to the iPhone screen to prevent it from turning off and interrupting the process.
Before anyone asks: yes, then it would be possible for an individual to dispense with the machine and manually try all combinations until he found the right one, but no doubt he would have to be an individual with much leisure. One could also hypothesize that iPhone would require your password in the first step of the process when trying to install the new version of iOS; There are, however, programs like 3uTools that upgrade without the need for the code just to be in DFU mode.
In the video, the three iPhones were unlocked quickly because their codes were made up of smaller digits, always starting with “00”; Depending on the complexity of the password, however, the process can take up to several days, especially if it has six digits. It is interesting to note that the software that comes with the device also has a number of options to advance the process, such as "probable numbers" ie if you know or suspect that the password to be decoded starts with the number "4", You can configure the program to start by scanning these possibilities so that the process can be completed faster. Crime genius, really.
In the end, the device is not a problem for us mere mortals after all, I do not believe that "ordinary" criminals will be willing to spend all that money to spend days trying to unlock a specific model of the iPhone. However, its existence itself is already a warning to Apple, considering that the FBI has spent the equivalent of more than two thousand little gadgets to break into a terrorist's iPhone. So the company can be expected to correct the failure very soon.
From our side, we can breathe relatively relieved, but just to be sure, I will change my password to 999999. Or better yet, something alphanumeric.
via The Next Web
Update 08/18/2017 s 20:20
It was fast. Apple has just confirmed it by TechCrunch that the bug has already been fixed in the fourth beta of iOS 11 ie in this version the system will block attempts for a period of time after five incorrect codes, basically making the above process impossible.
It is unclear, however, why Apple specifically corrected the loophole in the fourth beta of iOS 11, the latest being released on Friday; It is to be expected, however, that all subsequent fourth versions will also be protected (as well as the final version to be released shortly, of course). Also not known how to get iOS 10, which is also affected by the failure if Apple speaks again, we will update this article once again.
