Have Hackers Defeated the iPhone Kill Switch?
Posted on May 21st, 2014 by Graham Cluley
Last month, I explained how iPhone and iPad users could enable a “Kill Switch,” effectively making it much harder for thieves to sell stolen devices.
And, what’s the reason why your iPhone or iPad just became a whole lot less attractive to pickpockets?
Well, when you realise your phone is lost or stolen, you can now remotely tell it to display a phone number and message on its screen. And, rather wonderfully, the message continues to be displayed even if the device is wiped.
The idea is that the message will stop a criminal from being able to sell your phone to someone else, and the device’s screen will remain locked until your Apple ID and password are entered.
If you like the idea of this, follow the advice in my earlier article on how to enable the Activation Lock feature.
But, there’s some bad news.
A couple of hackers are reported to have found a way to bypass the iOS Activation Lock, opening the door for criminals to sell stolen iPhones and iPads to others.
A report in Dutch newspaper De Telegraaf goes on to claim that the two-man Dutch / Moroccan hacking gang may also have found a way to access sought-after Apple ID passwords and other information which is stored in iCloud.
MacRumors has provided some further details of what appears to have happened:
The hackers reportedly worked on the vulnerability for five months, studying the transmission of data between iPhone handsets and Apple’s iCloud services. The pair claim to be able to unlock a locked iPhone by placing a computer between the iPhone and Apple’s servers. In this configuration, the iPhone mistakenly identifies the hacker’s computer as one of Apple’s servers and follows instructions provided by the nefarious computer to reverse activation lock on the handset.
The hackers, who call themselves “AquaXetine” and “MerrukTechnolog,” claim that they informed Apple of the serious security issue in March – but have still not received a response from the company.
Of course, regardless of whether the hackers have managed to bypass the iPhone’s Activation Lock or not doesn’t mean that you shouldn’t still use it – and the other features of “Find my iPhone” – to better protect your device from theft and accidental loss.
Just because some hackers might have found a way around that element of the protection doesn’t mean that the vast majority of phone thieves would have a clue how to go about it.
And let us all hope that if there is a vulnerability, Apple resolves it quickly with a software patch.