Thursday, April 03, 2014

iOS 7.x security bug allows a thief to bypass Activation Lock

With the new Activation Lock feature tied into Find My iPhone introduced in iOS 7, Apple became the first OEM to build in technology to disable the ability of a thief to re-activate a stolen iPhone. While that is still true, a newly discovered iOS 7 and 7.1 flaw detailed on Thursday means it's relatively easy to hack around that feature (via 9to5Mac).

If Find My iPhone is enabled, a miscreant cannot activate an iPhone without the iCloud password for the device. You also cannot disable Find My iPhone unless you have the password for that account. Sounds secure, doesn't it? However, as the video below shows, there is a way around it.

To do the hack, you need to go into Settings, and then into the iCloud settings panel. At that point, you have to tap both the Delete Account button and the switch to disable Find My iPhone simultaneously. This is the hardest part of the process, and may take many tries to get "just right." When prompted for a password, you hold down the power button and shut down the phone.

If a thief then goes back into iCloud settings, he will find he is able to remove the iCloud account without needing to enter a password.

At that point, he can plug the phone into iTunes and restore -- and reactivate it -- without issue.

This is just an example of why securing an iPhone with a PIN or Touch ID is important: the steps above require getting into Settings, which a locked phone does not allow.

In addition, if the thief is a little too trigger-happy and attempts to reset and then re-activate the phone, he won't be able to get into Settings to perform the bypass.

We expect Apple will address this ASAP, although they have not commented on it publicly.
