How Thieves Hack iPhones After Stealing Them

Every year, millions of smartphones are snatched from pockets, purses, and hands. While countless iPhones end up shipped to China, dismantled for components, a more lucrative path exists for criminals: selling a device that has been unlocked and wiped clean. New research sheds light on the shadowy cybercrime services powering this underground trade, revealing how thieves break into stolen iPhones and resell them for a premium.

A “thriving” ecosystem of software vendors operates across the web and on Telegram, according to findings from cybersecurity firm Infoblox. These sellers provide unlocking tools and technology to generate phishing messages designed to bypass a phone’s security. Infoblox researchers have tracked “dozens” of groups hawking these tools, primarily targeting iPhones, and have connected more than 10,000 phishing websites to this activity. Traffic to those domains jumped 350 percent last year. “Reselling is a hundred percent what they’re going for,” says Maël Le Touz, a staff threat researcher at Infoblox. The pay-per-use software costs under $10 on average. “Most of the people looking to unlock phones clearly don’t have thousands of phones in their hands,they’re not at that scale,” Le Touz adds.

Phone theft has surged in recent years. In London alone, roughly 80,000 devices were stolen over a 12-month period. Despite stronger anti-theft protections from Apple and Google, criminals at every skill level can still profit. If a thief has a phone’s passcode or manages to unlock it, they can drain bank accounts or crypto wallets. Those grabbing phones on the street or in bars can net hundreds of dollars by reselling them. “Phone thieves don’t just want the handset,they want access to bank accounts and personal information,” says Will Lyne, head of economic and cybercrime at London’s Metropolitan Police. He points to one case where four men were caught handling over 5,000 stolen phones and spending money from financial accounts accessed on those devices.

The financial incentive is clear. Dan Guido, CEO of security firm Trail of Bits and a strategic adviser to iVerify, notes that a locked stolen phone might fetch only $50 to $200. “But if you unlock it, it’s worth $500, or it’s worth $1,000.” That gap fuels a dedicated ecosystem. “This whole thing is an ecosystem, and there’s multiple people at different levels of the supply chain that all work together in order to unlock phones,” Guido says.

Infoblox researchers began investigating this economy earlier this year after a law enforcement contact in Asia reported their iPhone stolen. The victim received a phishing message after including alternative contact details on the locked device. The link led to a page mimicking Apple’s Find My service, showing a fake map with the phone’s location and then prompting for the PIN code. Similar phishing attacks have been reported by numerous individuals and the Swiss National Cybersecurity Center. In November, the Swiss body noted that scammers include accurate details about the missing device,model, color, storage capacity,read directly from the phone itself. “As there is no known way to bypass this lock, tricking the owner through social engineering is the only realistic option for criminals,” they concluded.