【AI前沿】Your iPhone Gets Stolen. Then the Hacking Begins

Matt BurgessSecurityMay 14, 2026 6:00 AMYour iPhone Gets Stolen. Then the Hacking BeginsA bustling underground ecosystem is providing criminals with the tools to unlock iPhones—and wage phishing attacks against their contacts to access bank accounts and more.Emergency SOS icon displayed on a phone screen is seen in this illustration photo taken in Krakow, Poland on September 14, 2025. (Photo by Jakub Porzycki/NurPhoto via Getty Images)Photograph: NurPhoto/Getty ImagesCommentLoaderSave StorySave this storyCommentLoaderSave StorySave this storyEvery year, millionsof phones are stolen. While thousands ofiPhonesareshipped to Chinaand broken down for parts, criminals can make more money selling a device that has been unlocked and wiped. Now researchers have unpicked part of the underground web of cybercrime services that can help provide access to stolen iPhones.Across the web and onTelegram, there’s a “thriving” ecosystem of software sellers helping power the market for stolen iPhones by providing “unlocking” tools and the technology to producephishingmessages to help get access to a phone, according to findings fromresearchersat cybersecurity firm Infoblox. The company says it has tracked “dozens” of groups selling unlocking tools, mostly with a focus on iPhones, and has linked more than 10,000 phishing websites to the activity. Traffic to these domains increased 350 percent last year, the researchers say.“Reselling is a hundred percent what they’re going for,” says Maël Le Touz, a staff threat researcher at Infoblox, who says people from all around the world appear to be buying access to the pay-per-use software. The average cost is below $10. “Most of the people looking to unlock phones clearly don’t have thousands of phones in their hands—they’re not at that scale,” Le Touz says.Over the last few years, the number of phones being stolen has risen—for example, witharound 80,000 devicesbeingtaken in Londonin one year. WhileAppleandGooglehave improved their protections for stolen devices, a variety of more- and less-sophisticated thieves can still make money from stolen handsets: If a phone is unlocked or a thief has its passcode, they can potentially steal money from online bank accounts or crypto wallets; those snatching phones on the streets or in bars can makehundreds of dollarsselling them on.“Phone thieves don’t just want the handset—they want access to bank accounts and personal information,” says Will Lyne, the head of economic and cybercrime at London’s Metropolitan Police. Lyne highlights one case of four men who had beencaughthandling more than 5,000 stolen phones and spending money from financial accounts on the devices.Dan Guido, the CEO and cofounder of security firm Trail of Bits and a strategic adviser to mobile security firmiVerify, says a stolen phone may only be worth $50 to $200 when it is locked. “But if you unlock it, it’s worth $500, or it’s worth $1,000.” That difference can encourage people to develop ways to try and get into devices. “This whole thing is an ecosystem, and there’s multiple people at different levels of the supply chain that all work together in order to unlock phones,” he says.Security researchers at Infoblox started looking into the stolen-phone unlocking economy earlier this year when a law-enforcement-related contact in Asia messaged them saying their iPhone had been stolen and they had received a phishing message after including alternative contact details on thelocked device. A link in the phishing page mimicked anApple Find My pageand showed a false map with the phone’s location—it then showed a pop-up asking for the phone’s PIN code.Numerous peopleonline, as well as the Swiss National Cybersecurity Center, have reported receiving phishing messages after losing or having their iPhones stolen, with the attackers aiming to get access to Apple iCloud accounts and remove them from phones. “To make the messages look convincing, they include accurate details of the missing device—such as its model, colour, and storage capacity—which the scammers can read directly from the phone itself,” the Swiss bodywrotein November. “As there is no known way to bypass this lock, tricking the owner through social engineering is the only realistic option for criminals.”Le Touz says the Infoblox researchers created DNS fingerprints for the phishing domain they had received and tracked other related Apple look-alike websites. Some of these exposed their administration login pages and also advertised tools to unlock phones. Ultimately, the researchers identified multiple groups on Telegram pushing the “unlocking” services.While they sell different tools, Infoblox’s Le Touz and Elena Puga write in their research, three features are common: unlocking tools that claim to jailbreak older iPhones or Android devices and pull owner information from phones; phishing kits referred to as “Find My iPhone Off” that can be used to access accounts; and scripts and AI voice calling software to run the p