Categories: Hacking

New iOS 7 bug allows anyone to disable Find My iPhone feature

A new iOS 7 bug allows anyone to disable Find My iPhone feature and to bypass Activation Lock without user’s Apple credentials.

HAckers can bypass Find My iPhone feature, a new bug menaces the security of Apple iPhone users, a flaw recently discovered in iOS 7.1 allows thieves to disable Find My iPhone feature, remove iCloud and restore the mobile device without knowledge of the user’s Apple ID password.

A proof of concept was posted by 9to5mac.com, the video shows an iPhone that is hacked touching both the “Delete Account” icon and the toggle button, this sequence allows to disable Find My iPhone in the iCloud settings.

When Apple presented its new feature called Activation Lock it announced that it will make it very hard for bad guys to prep it for resale, while the top lawyers from New York and San Francisco have sounded off on this new feature, describing it as “an important first step towards ending the global epidemic of smartphone theft.”

Any possible abuse requires a user’s password as described by Apple

“Turning off Find My iPhone, erasing your device, reactivation, and signing out of iCloud requires your Apple ID password”
“A custom message can be displayed on your device even after a remote erase”

The new bug change the scenario, since Activation Lock requires Find My iPhone to be enabled, this feature won’t come online after a restore operation made by thieves. The consequences are serious in term of security for the users, a thief in fact can disable the Find My iPhone feature, remove iCloud, and restore the handset without having to provide the Apple ID credentials fro your iOS device.

Be aware, because to exploit the flaw in the iOS system the thief have to find the mobile unlocked, this is necessary to access the Settings app in the iPhone. It is so important to avoid leaving unattended and unlocked the device, so activate the passcode lock or enable Touch ID feature.

Let’s wait for a prompt resolution of the bug.

Pierluigi Paganini

(Security Affairs – iPhone, Find My iPhone )

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.