How Hackers Break iCloud Locked iPhones

Apple introduced the Find My iPhone Activation Lock as a way to prevent people from using stolen iPhones. But some hackers and scammers found a way to break iCloud locked iPhones (via Motherboard).


iCloud Locked iPhones

iCloud locked iPhones are usually worthless unless you sell them for parts. You can’t use them without the owner’s passcode, and the owner’s Apple ID can’t be unlinked from them.


A couple of ways to bypass the activation lock are phishing and scamming Apple Store employees. It’s a bit tricky because an iCloud locked phone isn’t necessarily stolen; it could have been returned to a carrier as part of a phone upgrade plan. Currently there are three ways to remove an iCloud lock:

* The password to the original owner’s iCloud can be entered to remove it, which a hacker could obtain via phishing.

* An Apple Store manager can override iCloud. Scammers can trick Apple Store managers into unlocking a device they don’t own. 

* The iPhone’s CPU can be removed from the logic board and reprogrammed to create what is essentially a “new” device. (This is very labor intensive and rare. It is generally done in Chinese refurbishing labs and involves stealing a “clean” phone identification number called an IMEI.)

There’s a sort of dark market for iCloud locked iPhones. When a customer returns an iPhone to their carrier, employees are trained to ask them to turn off iCloud on the phone. But sometimes that doesn’t happen. Carriers can’t do much with these phones so they get sold in bulk in private auctions.

Some black market resellers use iCloud phishing kits. Designed to be easy to use, the kits are a set of tools a person can use to trick the original owner into giving up their Apple ID password.

The hacker can send specially-crafted text messages that look like they came from Apple. Then, they send the victim a fake map of where the person’s phone has been discovered, to make it look more legitimate.

If a person doesn’t fall for the phishing, the next step is to social engineer Apple employees. In one example, a fake receipt can be generated and taken to an Apple Store: “Hey, I forgot my Apple ID information, but here’s a receipt.” Apple lets retail employees unlock an iPhone if a customer brings in their original receipt.

The way I justify it in my head is, someone is going to use this phone either way and it’s better for the environment if I use it for parts than just letting it go to waste. I don’t sit there and unlock iClouds because I don’t want to make individual moral calls on whether each phone is legitimate. But there’s a huge demand for it.

Mick Ventocilla, owner of Lakeshore Tech Repair
