Insights For Success

Strategy, Innovation, Leadership and Security

Hackers bypass Apple's iCloud and Activation lock for iPhone

technologyEdward Kiledjian
icloud.png

Apple touts the advanced security features built into its devices and its linked cloud services. One such security feature is Activation Lock that should prevent a thief from using a stolen iPhone that is locked. 

A Dutch and Moroccan hacker group called "Team DoulCl" are reporting that they have been able to bypass Apple's Activation Lock control. 

De Telegraaf (link), a Dutch news organization, claims the group was able to buy locked iPhones and unlock them. Thieves can use this hack to resell stolen iPhones for huge profits. To be fair to Apple, I haven't personally verified this groups claims so I take everything with a grain of salt. Additionally hacks like this against Apple are rare.

2 other hacker groups AquaXetine (Dutch) (link) and Merriktechnolog (Moroccan) claim to have unlocked 30,000 devices in just a few days. 

The trick is a simple man in the middle attack where the hackers trick the locked devices that their servers are Apple's activation servers and they instruct the device to unlock. It is conceivable that this type of attack could be used to extract other information from the device (if it truly believes it is talking to Apple's iCloud infrastructure such as syncing pictures, calendar, contacts, etc. )

The hackers claim they disclosed the vulnerability to Apple security in March but the report was never followed-up by Apple. The silence is why the hackers went public. 

You can checkout the original hacker group's website at doulCi.nl (link). I scanned the website and didn't find any malware or hack attempting to compromise your browser.