DeadRinger

DeadRinger is a proof of concept that shows how it's possible to re-create the iPhone X lock screen and steal a user's passcode by making them think they're entering it into their own phone. It's not a cheap or particularly easy exploit, because you'd have to sacrifice your own phone and physically swap phones with the target, but hey, some people have the resources.

Dead Ringer in action

Video Demo

DeadRinger Demo Video

Background

With the introduction of the iPhone X, a few new features have made it feasible to faithfully re-create the lock screen.

With this knowledge, we can make an app that looks just like the lock screen (almost) and trick a user into entering their passcode. We can then transmit this passcode to ourselves and theoretically unlock the real iPhone and do whatever we want with it.

Prerequisites

You'll need a spare iPhone X that you're willing to sacrifice. The only thing you'll probably have to adjust is the wallpaper image, in case your target has a custom one. Go into the storyboard file, find the UIImageView that holds the wallpaper as the background, and swap it out with whatever background you need.

I should also mention that this app assumes the user's locale is US-EN. I tried using localized methods, but the lock screen's date format doesn't match any of Apple's default localized formats produced by the localizedString(from date: Date, dateStyle dstyle: DateFormatter.Style, timeStyle tstyle: DateFormatter.Style) method.

How it works

The app has three states: inactive, lock screen, and passcode entry. It moves between those three states and makes the user assume that they failed Face ID too many times and need to enter a passcode (like Hair Force One did at the iPhone X unveiling).

Obviously there are more steps to reach that state, like actually failing Face ID a few times, but for the sake of simplicity I've omitted them.

Once the user enters their passcode they get an alert that they've been duped. I'm not really gonna steal someone's passcode.

Future To Dos

I've taken a first pass at faithfully reproducing the lock screen, but there are quite a few things that don't work yet. I may fix them, or someone else can fix them and submit a pull request.

Possible Mitigation Techniques

Part of the reason I could recreate the lock screen is that Apple seems to have relaxed a lot of the rules that previously stopped an app from blocking access to the home screen. You can still actually get to the home screen if you swipe up a few times really fast. Some ways that Apple could mitigate this would be:

Disclaimer

Please don't use this to steal anyone's passcode because that would not be cool.

License

This project is licensed under the MIT License - see the LICENSE.md file for details