The hack was demonstrated by YouTuber EverythingApplePro, who noted that the exploit does not work on older devices like the iPhone 6s. In addition to the device being an iPhone 7, the device must also be running iOS 10.3.3 or a version of iOS 11 before beta 4.
The password cracking box is sandwiched between two panes of glass and features three full-size USB ports, which allows it to crack three iPhone 7 units at the same time.
The hack takes advantage of the update process in iOS, which has a loophole in the data recovery state that allows you to use as many passcode attempts as you want. For this specific attack to work, the hacker would have to have access to the iPhone and the $500 password cracking device.
The $500 box takes advantage of the white “press home to recover” screen that is displayed after a new iOS install. Once users are on this screen, they can begin the brute force hack. At first, the device will try a new password every 50 seconds, however, it eventually ramps up to one password every 10 seconds. Given this information, it would take the attacker several days to crack the password and gain access to the device.
In a statement to TechCrunch, Apple confirmed that the security loophole will be patched in the final version of iOS 11.