There is no perfect protection - there are only different degrees of reliability. This also applies to iPhones.
We recently explained how important it is to have an alphanumeric lock password rather than the standard 6-digit one in iOS. But this is just the tip of the iceberg, and underneath is real hardcore.
We'll tell you how to bypass iPhone blocking methods and whether you can protect yourself from this.
Disclaimer: This article is not intended to help unlock stolen iPhones. You can test all the methods described below at your own risk.
How the password protection system works in iOS, briefly
If you enter the wrong password 10 times, the device will be locked. After the first 5 attempts you will have to wait 1 minute, then the time until the next entry attempt will increase.
If you realize that you can no longer remember the password, Apple suggests erasing all data from the device. This is quite OK if you have a backup. Read about three simple ways to save data here.
You can only remove a password from an iPhone or iPad using a computer. Instructions on the Apple website. If you don’t have a PC, you can contact an authorized service center or retail store, they will provide it.
If all else fails
When none of the methods discussed above helped, you can use special programs to unlock your iPhone. But, you should approach these methods with caution, carefully check the resources, and understand that most of them can further harm the mobile device.
The most popular iPhone unlocking utility is 4uKey. The program helps if the phone owner has forgotten the password. More details in the video:
If you bought a new iPhone and have all the supporting documents, it is better to contact an authorized Apple center or write an email directly to the manufacturer.
3/5 — (3 votes)
iOS password protection works worse in DFU mode
DFU (device firmware update) is a special mode that gives access to the engineering menu, allows you to restore the firmware, etc. The trick is that DFU has no restrictions on the number of password attempts.
Thus, if you set a goal, you can pick up the code and unlock your smartphone. If you are too lazy to enter numbers manually, you can buy a gadget for auto-search for $500 (already cheaper). But there are also more professional systems, they are much more expensive.
Let's see how the professionals do it. For educational purposes, of course.
Password recovery methods
It is worth noting that an almost identical method for restoring user information is provided when using the iCloud cloud storage service. But that’s not all, because there are quite a lot of life hacks for changing your password. And it’s definitely worth taking a closer look at the following:
- Resetting the counter for incorrect password entry attempts.
- Using a mode to restore an iPhone, relevant only if the ID is known.
- Installing new firmware using a special DFU mode, used when previous manipulations were not effective enough.
Notably, all of these recovery tools are also iTunes-based, asking for an ID in most cases. But if the user cannot boast of such a privilege, and none of the methods work, then it is necessary to check all paired devices for login to iCloud, and also exclude the presence of activated 2-factor authentication. In addition, you can try to solve the problem in the following ways:
- Click on the “Forgot ID or password” option, after going to the account page.
- Select “Reset password” and confirm it with the “Continue” command.
- Decide on the data reset method by choosing to answer security questions or send confirmation by email.
It is also worth remembering that when requesting a recovery key, you will have to undergo verification in two stages, entering not only the user-specified identifier, but also the requested key. Next, a trusted gadget is selected, changes are confirmed via a link sent to the specified address, a reset is performed and a new password is specified. Voila! The iPhone has been restored and is ready for further use without the slightest threat to user safety.
How to bypass Face ID
When Face ID first arrived on the iPhone X, it was full of holes. Apple claimed that even twins could not bypass the facial recognition system.
But something went wrong. Face ID sometimes mistook children for their parents. And one customer returned her smartphone to the store twice - he persistently confused her with a colleague. In general, the system was inconvenient and unsafe.
Vietnamese company Bkav spent only $150 to create a decoy mask for Face ID. The base was printed on a 3D printer, the nose was made of silicone, the eyes and mouth were printed and glued onto the model.
Face ID mistook the mask for the owner:
This was soon fixed. But in August 2021, they found an even more fun way to unlock it. Tencent researchers have shown how to fool Face ID using regular glasses and duct tape .
When attention detection is enabled on your iPhone, your iPhone regularly checks to see if you're looking at the screen. But if you are wearing glasses, Face ID will not read 3D information in the eye area. The system believes that there are black areas with white dots.
So, if you are sleeping or unconscious, then your smartphone will be easy to unlock. The specialists simply pasted squares of electrical tape with dots-slits in the middle onto the glasses and put them on the “sleeping” colleague. And his iPhone was successfully unlocked.
The hole has already been closed. But the sediment remained.
Resetting your phone to factory settings due to a forgotten password
If none of the above options helped you, the last thing you can do on your own if you have forgotten your iPhone password is reset it to factory settings.
Take on this method only if you have minimal experience or strictly follow the instructions. If you make a mistake, there is no going back and you will lose your device.
The method of resetting to factory settings, in simple terms “flashing”, depends on the model of your smartphone. In such cases, the problem is solved in DFU mode.
On models up to 6s, calls are made by pressing the HOME button and the power button simultaneously for several seconds.
How are fingerprints faked?
The Touch ID system hashes digital fingerprint scans and stores the hashes in a secure Secure Enclave area that is separate from the main storage.
When you try to lock your iPhone with your fingerprint, Touch ID checks the new code against data from Secure Enclave. And the fingerprint decoding is stored in RAM and only immediately after scanning.
Of course, this is much cooler than scanned pictures in certain folders (some Chinese devices were guilty of this). But... the first generation Touch ID could be deceived using a sheet of paper with a fingerprint printed at 2400 dpi. If you have an iPhone 5s, try it, it might work.
Moreover: the fingerprint can be taken directly from the screen. And not only unlock an iPhone with an old scanner, but also prohibit the current owner from erasing data from it.
It's more difficult with newer models. You need a 3D printer and a material that a smartphone will mistake for human skin. And a fairly accurate 3D finger model. And a limited number of attempts.
Biometric identification expert Anil Jain and his colleagues at Michigan State University have developed a technology for producing these “fake fingers” from electrically conductive silicone and pigments. The fakes had the same mechanical, optical and electrical properties as real people's fingers.
Formally, the technology was supposed to improve the reliability of scanners. But it all depends on in whose hands it would end up.
Other researchers, having only a good photo of the finger of German Defense Minister Ursula von der Leyen, made a 3D model of it. They didn’t take the finger separately—the fingerprint was cropped from a high-resolution photograph.
The minister agreed to participate in the experiment. The result is that she herself proved that the method really works.
If you have models up to X
Restoring the phone
You will need the help of iTunes. After connecting the phone and computer, you need to hold down the volume and power off at the same time and wait for the phone to turn off. After turning off, release the Power button and continue to hold the volume button.
If the screen turns black, without a program icon, you succeeded. On your computer, check for updates and download the firmware.
How to gain access through a single message
Cyber experts Natalie Silvanovich and Samuel Gross from Google Project Zero showed how the CVE-2019-8641 provides access to passwords, messages and e-mail. It also allows you to turn on the camera and microphone on your iPhone.
Project Zero searches for vulnerabilities in the products of Google and its competitors. Experts said that if you know the victim's Apple ID, it is enough to send the victim a message configured in a special way.
iOS has built-in ASLR technology, which makes it more difficult to exploit some vulnerabilities. It changes the location of important data structures in the system address space: for example, the stack, heap, loadable libraries, executable file images.
Silvanovich and Gross found a way to bypass ASLR. Using this and five other vulnerabilities found, experts achieved arbitrary code execution on the iPhone. On the black market, information about these bugs would cost about $10 million.
Good news: the main and most complex vulnerability CVE-2019-8641 was fixed in iOS 12.4.2 in September 2021. The bad news: no one knows how many more similar holes there will be. But the statistics are not encouraging.
What is the Apple ID password and why is it dangerous to forget it?
One of these security codes is the Apple ID password, found exclusively in Apple products from Cupertino. And unlike many other blocking tools, the use of this key is mandatory, and from the very beginning of the device’s operation, that is, from the moment it is first configured.
What kind of password is this, and what doors does it protect? In fact, everything is simple here, because all Apple products have their own mail, cloud services and even an in-app purchase store, which, of course, requires an account to use. However, even here there can be no question of any conditional Google account, since registration is only available through iCloud or the Apple cloud. And it is for this account that its own Apple ID authentication system is used, which requires entering a login and password.
In the first case, the user is asked to enter a name written in Latin with the obligatory ending “@icloud.com”, while the password requires a combination of numeric and alphabetic characters with the obligatory use of uppercase and capital letters.
It is noteworthy that to create your Apple account it is not at all necessary to purchase a new device, because you can register on the official website appled.apple.com, doing it completely free of charge.
At the same time, it is not at all necessary to link your bank card details, despite the fact that the system will request them. Moreover, if you have no intention of using iTunes or any other paid Apple services, then it is better not to connect the card at all, since by agreeing to a 3-month free subscription to any application, its owner risks receiving an automatic debiting of funds after the designated period.
It is worth noting that it will not be possible to do without an account, not only at the initial stage of operation, but also in the future, since access to the AppStore and any other built-in company service without an Apple ID continues to be impossible.
But changing the secret password code is quite possible, completely free and as much as your heart desires. To do this, you need to go to the “Account Management” menu and enter a new password with a mandatory duplicate confirmation, using for these purposes any synchronized device with the same ID.
How to bypass blocking using voice commands
If you still haven't updated to iOS 12, we have bad news. Siri will “help” unlock your iPhone.
Just call the voice assistant from the lock screen and ask it to activate the VoiceOver . After this, the scammer will be able to call your iPhone, at the time of the call, select a response with a message on its screen and press the “+” key.
The next stage is sending a special message to the victim’s smartphone. When VoiceOver is active, it triggers a system error and gives access to the messaging interface and a list of recently dialed contacts, including their full details.
To protect against this, prevent Siri from being called from the locked screen: this is done in the “Settings” menu - “Touch ID and passcode” - “Access with screen lock”.
Reset iPhone password by restoring from backup.
If you systematically sync your iPhone with iTunes, you should have backup copies and you can restore one of the copies where the password is still set. This is the best way, all media files and information will remain on the iPhone.
- Connect your iPhone to the computer where you have backups and open iTunes.
- Wait while iTunes syncs your iPhone and creates another backup.
- When synchronization is complete and a new copy is created, click on the “Restore” button.
- When restoring your iPhone, a setup screen should open where you need to select “Recover from an iTunes copy.”
- Now look by date which backup copy suits you and select it. You must remember when you set the password on your iPhone.
How smartphones are hacked using ultrasound
Experts from Washington University in St. Louis, the University of Michigan and the Chinese Academy of Sciences have proven that assistants can be activated even with ultrasound.
The scientists used a piezoelectric transducer that transmitted voice commands using ultrasonic waves. The signal was sent through hard surfaces - for example, through a table on which a smartphone was lying.
The human ear cannot hear ultrasound, but a smartphone reacts to such frequencies. A hard case is not a hindrance: on the contrary, the thicker and denser it is, the better it transmits the signal.
Using ultrasound, scientists were able to send SMS, make calls and access basic functions. The method worked not only for the iPhone - Xiaomi, Samsung, and Huawei models were also attacked.
But if you put the smartphone on something soft, the method will not work. And it does not provide full unlocking. In addition, Siri and other assistants can be forced to identify the owner so that they do not react to other people's voices.
What passwords protect iPhone?
There are 3 passwords that owners of Apple products are at risk of forgetting:
- Lock screen password. The iPhone owner has to enter it every time he unlocks the device.
- Restrictions password – protects applications from accidental deletion, restricts access to sites containing 18+ content. Through the “Restrictions” section in the “Settings” of your iPhone, you can remove the browser and camera from your desktops - only someone who knows the restrictions password can return these elements.
- Apple ID password. Without an account password, you will not be able to download an application from the AppStore or deactivate the Find iPhone function.
How to use Cellebrite technology
Motherboard journalists collected materials on 516 orders for obtaining data from iPhone in 2021. In 295 cases, information was retrieved.
The point here is less about technical difficulties, and more about budgets for hacking and the seriousness of the situation. Those who have access to Cellebrite and GrayKey are much closer to success.
Experts from the Israeli company Cellebrite are ready to crack the iPhone password within 24 hours . But only if they directly receive the smartphone itself. What they will do with it and how they will extract the information, experts do not say.
In addition, they sell UFED (Universal Forensic Extraction Device - a universal device for extracting data by court decision) and other similar products, equipment, software, cloud solutions, cyber kiosks.
The technique only works with a direct connection to the manufacturer’s server. Formally, this is necessary to verify the license and control the legality of using the hacking solution.
Cellebrite devices are sold relatively freely. The price tag for the “hard + soft” set starts from 15 thousand dollars . But on eBay and other auctions you can buy an outdated model for ridiculous money - of course, it won’t cope with new iPhones, and the license may be expired.
For information: in 2021, Cellebrite received $1 million for hacking the iPhone 5c of the San Bernardino shooter. Back then, iOS didn’t even use encryption, and the smartphone didn’t come with a fingerprint scanner.
And no matter how Apple protects devices, soon after the release of new firmware Cellebrite selects master keys for it. This takes from several days to a couple of months.
Data is merged from the smartphone’s memory, SIM cards, and memory cards.
How does Cellebrite find holes in iPhone security? Company employees, like hackers, are constantly hunting for dev-fused versions - working prototypes of smartphones.
In dev-fused, as a rule, there is no OS installed, there is only the Switchboard engineering menu and individual components. Or manufacturers left various loopholes in the software for testing. This makes it easier to reverse engineer and find day 0 vulnerabilities that developers are unaware of.
It is impossible to remove prototypes from Apple laboratories. It's easier to get them from contract assembly plants like Foxconn.
Employees sell components, often without knowing their actual price. They can be understood - at best, assemblers earn a couple of tens of dollars for irregular working hours.
Advice
If you do not have a password for your Apple ID account, all attempts to gain access to the gadget will be ineffective. To restore, follow the instructions:
- Go to https://appleid.apple.com/#!&page=signin.
- At the bottom of the page, click “Forgot...”.
- Enter your ID followed by “Continue”.
There are several ways to update your password. When you select a security question, enter the answer and reset your password. A link to restore access can be sent to the email associated with your account. This procedure can also be performed using another Apple device. If the user has enabled two-step verification, he must additionally enter the code that will be sent to his phone.
How GrayKey works
GrayKey is developed by Greyshift from Atlanta, USA. It was founded by a former Apple security engineer.
Greyshift supplies its solutions only to law enforcement agencies in the United States and Canada. Without any exceptions.
The device can pick up the unlock code on the iPhone. With its help, for example, the iPhone 11 Pro Max was hacked in January.
The speed of GrayKey is approximately the same as that of Cellebrite. A 4-digit code can be cracked in 11 minutes, a 6-digit code in 11 hours, a 10-digit code in decades (but who uses it?!).
By the way, at the end of 2021 GrayKey went up in price. The price increase was explained by the emergence of new technologies for protecting iOS from hacking and, accordingly, a new revision of the device – GrayKey RevC.
For a license for the online version of the tool they ask for 18 thousand US dollars for 300 hacks per year, previously it cost 15 thousand. And the offline version still costs 30 thousand dollars , there are no restrictions on the period of use.
Part 1: How to Unlock an iPhone If You Forgot Your Password Using Passfab iPhone Unlocker
First, download and install PassFab iPhone Unlocker on your computer.
BUY NOW For Win 10/8.1/8/7/XP
BUY NOW For macOS 11 and below
- 01In the PassFab iPhone Unlocker interface, select the "Unlock iOS Screen" option.
- 02Connect your device to your computer and click “Get Started”.
- 03From the list provided, select and Download the required firmware for your device. We recommend installing the latest version of iOS available for your device version.
- 04After the download is complete, click on the “Start” button to remove the password.
After this, your iPhone will be unlocked and you can use it as a new iPhone.
You can watch the video tutorial on how to use Passfab Iphone Unlocker:
How does MagiCube, which was purchased by the Investigative Committee, work?
Two years ago, the BBC wrote about mysterious MagiCube gadgets from China. Experts said: if GrayKey and Cellebrite take a day to hack an iPhone, then Chinese magic will do it in just 9 minutes .
The iDC-8811 Forensic MagiCube “suitcases” were developed by Xiamen Meiya Pico Information in July 2021. It was also reported that MagiCube is “tailored” to receiving data from instant messengers. They say that the most valuable information is there.
For the analysis, we purchased additional software - the iDC-4501 system for analyzing data from mobile devices and IFM-2008 Forensics Master for data from a PC.
5 million rubles on hacking tools . These are two government purchases: for 2 million rubles - for the Military Investigation Department of the RF IC for the Central Federal District, for another 3 million - for the Military Investigative Department for the Eastern Federal District.
Xiamen Meiya Pico Information is not just another no-name. The company is truly one of the leaders in the electronics forensics device segment in China, with more than 20 years in the local market and about 10 years in the international market.
But there are inconsistencies. Firstly, the iDC-8811 Forensic MagiCube is simply a hard drive duplicator that runs Windows 7 . It can copy data and examine it. And only if the media is physically connected to the “cube”. The solution will not be able to get into your smartphone remotely.
At the time of purchase (July 2018), iDC-4501 could only work with iPhones running iOS 10.0–11.1.2. That is, without the latest updates (iOS 11.1.2 was released in November 2017).
And most importantly: this system does not pick up the iPhone password. This means that it will still have to be obtained using the GrayKey or Cellebrite tools.
Actually, I also had to buy UFED 4PC Ultimate from Cellebrite. It includes everything you need, including UFED Physical Analyzer for deep decoding of information from mobile devices.
Installing new firmware
If previous methods for unlocking iPhone 4, 4s, 4c, 5, 5s, 5c, CE and other models did not give a positive result, you can restore the system by installing a new firmware version. To do this, follow the instructions:
- Find and download to your computer the firmware version that is suitable for your iPhone model. It must have the extension .IPSW
- Go to Explorer and move the file to the Software Updates folder.
- Connect your phone to your computer and go to iTunes. Go to the section that matches your phone's name.
- Press the CTRL key and "Restore iPhone". A window will appear where you can select the firmware file. Click on it and click “Open”.
- Wait for the recovery procedure to complete.
Attention! Choose sites for downloading firmware carefully. Do not ignore antivirus warnings to avoid downloading a virus to your phone or computer. Do not download firmware with the .exe extension (this is malware).
FAQ
What should I do if another user has enabled the “Find My Phone” function on my iPhone and it is blocked?
It is recommended to contact the previous owner of the phone so that he can remove the lock. If this cannot be done, contact an Apple Service Center with your purchase receipt. You can also ask for help from technical support (https://support.apple.com/ru-ru).
What to do if not a single method of unlocking your phone helps?
If you do not have access to a computer with synchronized iTunes, you can use special programs to unlock your phone. Some of the most popular are iMyFone LockWiper, 4uKey. But keep in mind that inept use of these programs can lead to complete loss of access to your smartphone.
