Hackers Allegedly Bypass iOS Activation Lock

Have hackers killed the iOS kill switch? So claims a pair of hackers, who say they've found a way to hijack the connection between a lost and locked iPhone and Apple's servers, thus unlocking the phone and undermining Apple's much-vaunted "Activation Lock" anti-theft protection.

Activation Lock is a feature introduced in iOS 7 that lets users remotely put their phone into Lost Mode or remotely wipe the phone of its sensitive data. In Lost Mode, the phone will display a custom message (such as "This phone is lost: please return to so-and-so") and can only be unlocked with its proper user's Apple ID and password—even if the phone is wiped. This is meant to make it impossible for thieves to resell stolen phones.

MORE: Smartphone Kill Switch: What It Is, How It Might Work

Smartphone anti-theft features such as Apple's Activation Lock are generally known as "kill switches," and many United States politicians and law enforcement officials have been pushing to make them legally mandatory for all smartphones.

Enter the pair of hackers known as AquaXetine and MerrukTechnolog. Hailing from the Netherlands and Morocco, the two told Dutch newspaper De Telegraaf that they can bypass Activation Lock by inserting their own computer in the middle of the connection between a locked iPhone and Apple's servers. The iPhone then believes that the hackers' computer is Apple's servers, and will accept a command to unlock itself, thus exposing any data still on the lost phone and making it easy for criminals to resell the iPhone.

The hackers told De Telegraaf that they alerted Apple about this critical issue in late March, and that Apple did not respond, which is why they are now going public with the information. Before that, they spent five months studying the way data passes from iOS devices to Apple's iCloud servers before they figured out their hack.

AquaXetine and MerrukTechnolog have not revealed how they accomplish this iOS Activation Lock hack, though AquaXetine said on Twitter that they are not using an SSL bug (SSL is a protocol for encrypting data in transit). The hackers told De Telegraaf they have unlocked 30,000 iPhones in the past few days. Thus far Apple has not commented on the issue.

Users concerned about the ability to protect lost or stolen iOS devices can use a third-party anti-theft app such as Lookout, which also lets users remotely lock, locate and wipe their phones.

Email jscharr@techmedianetwork.com or follow her @JillScharr and Google+. Follow us@TomsGuide, on Facebook and on Google+.

See more Computing News

TOPICS

Jill Scharr is a creative writer and narrative designer in the videogame industry. She's currently Project Lead Writer at the games studio Harebrained Schemes, and has also worked at Bungie. Prior to that she worked as a Staff Writer for Tom's Guide, covering video games, online security, 3D printing and tech innovation among many subjects.

More about online security

Musk's DOGE faces massive backlash and 12 data privacy lawsuits — how safe is your data?

Don't click this — malicious ads impersonating Google Chrome spreading dangerous malware

A split screen photo showing a coffee grinder on one side and a smart watch on the other

What Tom’s Guide tested this week: Sony, OnePlus, Corsair and more

See more latest

10 Comments Comment from the forums

house70

Third-party apps should be better than anything Apple could put out, anyways. Apple is too busy paying their lawyers; coders are a second thought.
Reply
ptmmac

There is no excuse for printing the hacker handle of theives such as these. There is no other possible use for this except to unlock stolen goods to increase their value to those who stole them. What ever happened to any sense of integrity?
Reply
RCguitarist

There is no excuse for printing the hacker handle of theives such as these. There is no other possible use for this except to unlock stolen goods to increase their value to those who stole them. What ever happened to any sense of integrity?

Those guys don't appear to be thieves. They alerted apple and are not revealing to the public how to do it. They are helping get things fixed.
Reply
sinclaj1

This is the part that scares me: "they spent five months --- ***studying the way data passes from iOS devices to Apple's iCloud servers*** --- before they figured out their hack."
Reply
derekullo

Where do you find 30,000 IPhones to "test" with?
Reply
computernerdforlife

There are some of us who have a younger sibling who forgot their apple/icloud password and chose to use a random security question of which they cannot recall. We called Apple and they want a proof of purchase from Christmas last year for the device. My in-laws do not have that so they refused to help altogether. I was blown away.

Their must be at least a few circumstances where young people forget their password AND their recovery password for their e-mail (which is typically the same), and their security question does not help. My in-law is bullied at school so he chose another date of birth as his security question so his bullies don't harass his Apple account. Anyhow, I look forward to bypassing this so I can return his Apple device in a working state.
Reply
das_stig

2 months and Apple haven't took their heads out of their collective backsides. This is what happens when a company gets too big and ignores its users. Microsoft have sort of learnt this, Google are slowly getting there, Apple and Facebook are in LA LA land !
Reply
GlassFTW

IOS IS A GLORIFIED APP LAUNCHER FULL OF SECURITY HOLES.

AT HACKER CONS, APPLE PRODUCTS ARE ALWAYS THE FIRST TO FALL!
Reply
dro2

"have not revealed how they accomplish this iOS Activation Lock hack"..lol Then it's BS until they do.
Reply
dro2

IOS IS A GLORIFIED APP LAUNCHER FULL OF SECURITY HOLES.

AT HACKER CONS, APPLE PRODUCTS ARE ALWAYS THE FIRST TO FALL!

The fact you're typing in all capital shows your intelligence and maturity level.

Reply

Show more comments

Sign up to get the BEST of Tom's Guide direct to your inbox.

Most Popular