Have Hackers Defeated the iPhone Kill Switch?
Posted on
by
Graham Cluley
Last month, I explained how iPhone and iPad users could enable a “Kill Switch,” effectively making it much harder for thieves to sell stolen devices.
And, what’s the reason why your iPhone or iPad just became a whole lot less attractive to pickpockets?
Well, when you realize your phone is lost or stolen, you can now remotely tell it to display a phone number and message on its screen. And, rather wonderfully, the message continues to be displayed even if the device is wiped.
You can display a message and contact details on the lost device.
The idea is that the message will stop a criminal from being able to sell your phone to someone else, and the device’s screen will remain locked until your Apple ID and password are entered.
This iPhone cannot be used until the correct Apple ID and passcode is entered.
If you like the idea of this, follow the advice in my earlier article on how to enable the Activation Lock feature.
But there’s some bad news, too.
A couple of hackers are reported to have found a way to bypass the iOS Activation Lock, opening the door for criminals to sell stolen iPhones and iPads to others.
A report in Dutch newspaper De Telegraaf goes on to claim that the two-man Dutch / Moroccan hacking gang may also have found a way to access sought-after Apple ID passwords and other information which is stored in iCloud.
MacRumors has provided some further details of what appears to have happened:
The hackers reportedly worked on the vulnerability for five months, studying the transmission of data between iPhone handsets and Apple’s iCloud services. The pair claim to be able to unlock a locked iPhone by placing a computer between the iPhone and Apple’s servers. In this configuration, the iPhone mistakenly identifies the hacker’s computer as one of Apple’s servers and follows instructions provided by the nefarious computer to reverse activation lock on the handset.
The hackers, who call themselves “AquaXetine” and “MerrukTechnolog,” claim that they informed Apple of the serious security issue in March – but have still not received a response from the company.
Of course, regardless of whether the hackers have managed to bypass the iPhone’s Activation Lock or not doesn’t mean that you shouldn’t still use it – and the other features of “Find my iPhone” – to better protect your device from theft and accidental loss.
Just because some hackers might have found a way around that element of the protection doesn’t mean that the vast majority of phone thieves would have a clue how to go about it.
And let us all hope that if there is a vulnerability, Apple resolves it quickly with a software patch.
How can I learn more?
Each week on the Intego Mac Podcast, Intego’s Mac security experts discuss the latest Apple news, security, and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to follow the podcast to make sure you don’t miss any episodes.
You can also subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for the latest Apple security and privacy news. And don’t forget to follow Intego on your favorite social media channels: 
