Removal of Apple's iCloud Activation Lock check page may be linked to hacks relying on sto...

Posted:
in iPhone edited January 2017
Apple's removal of the iCloud Activation Lock status page last week was likely connected to hacks letting people bypass the Activation Lock system, a report noted on Monday.




By changing one or two characters in an invalid serial number, it becomes possible to stumble across a value that will crack a bricked Apple device. The status check page made this a realistic option, since hackers could simply keep plugging in new characters there until they found something that worked.

The flaw, first pointed out by MacRumors might also explain some glitches encountered since September, in which people suddenly find their devices locked to an unknown Apple ID and can't regain control without Apple's help.

Complaints along those lines have revolved around the iPhone 6s, 7, and their Plus equivalents, but could conceivably apply to any device with Activation Lock, such as an iPad, iPod touch, or Apple Watch.

Online Activation Lock checks previously made buying a used Apple device more reliable, since shoppers could ask for an IMEI or serial number and verify it before sending any money. Without that system, the only way of checking is in person, which probably isn't an option if the seller is in another city or a buyer is worried about being robbed.

The black market could take advantage of the new situation, since thieves can more easily unload stolen goods.

Other Activation Lock vulnerabilities have been exposed in the past. In November, a researcher showed that it was possible to bypass the system on an iPad by flooding Wi-Fi logins with long character strings and repeatedly opening and closing a Smart Cover.

Comments

  • Reply 1 of 13
    lkrupplkrupp Posts: 7,324member
    Pojnt is Apple is not talking and they should be explaining why they did it.
    Solijbishop1039watto_cobranetmage
  • Reply 2 of 13
    the page was only blocked from the Mac, works just fine from iPad, like Tim's iPad
    ericthehalfbee
  • Reply 3 of 13
    wood1208wood1208 Posts: 2,012member
    It is very inconvenient for buyer to not know if used iphone is iCloud lock or not before meeting seller. But, this also makes potential buyers to not send money before meeting in seller and check out "Find my iPhone" is OFF and same time patiently check other issues with iphone before handing over the cash. Not sure how this sentence from article is true ? "The black market could take advantage of the new situation, since thieves can more easily unload stolen goods." There is no difference to those shady people with or without tool how they fool buyers. It is up to buyer, long as buyer don't pay unless have good working iphone in his/her hand before paying. Actually, this will force seller/buyer to meet at cell carrier place to verify and get iphone properly activated.
    edited January 2017
  • Reply 4 of 13
    lkrupp said:
    Pojnt is Apple is not talking and they should be explaining why they did it.
    Why? What value-add is there for me? I don't think I even knew about this tool until last week.
    watto_cobra
  • Reply 5 of 13
    maestro64maestro64 Posts: 4,658member

    okay, this is the feature Apple put because the Police were complaining that iphone got stolen more time than any other phone and the Authorities what a way that could local a phone to make it worthless to the person who stole it. So know the thieve are using it against the people the police thought they were protecting. With the new phone with touch ID, you do not need this, is some steals your phone it is worthless if you have touch ID.

    See what happen when the Police and Authorities come up with a solution to their so called problem, they make it less safe for the rust of us.

  • Reply 6 of 13
    maestro64 said:

    okay, this is the feature Apple put because the Police were complaining that iphone got stolen more time than any other phone and the Authorities what a way that could local a phone to make it worthless to the person who stole it. So know the thieve are using it against the people the police thought they were protecting. With the new phone with touch ID, you do not need this, is some steals your phone it is worthless if you have touch ID.

    See what happen when the Police and Authorities come up with a solution to their so called problem, they make it less safe for the rust of us.

    Do you have any information to back any of that up? It sounds like pure conjecture on your part.
    netmage
  • Reply 7 of 13
    T manT man Posts: 1unconfirmed, member
    There is still a way. Think people think. Very easy!!!!! You can still verify icloud by other means. Apple not so smart
    iGuidesBlogs
  • Reply 8 of 13
    maestro64maestro64 Posts: 4,658member
    maestro64 said:

    okay, this is the feature Apple put in because the Police were complaining that iphone got stolen more time than any other phone and the Authorities wanted a way that could lock a phone to make it worthless to the person who stole it. So now the thieve are using it against the people the police thought they were protecting. With the new phone with touch ID, you do not need this, if some steals your phone it is worthless if you have touch ID. .

    See what happen when the Police and Authorities come up with a solution to their so called problem, they make it less safe for the rust of us.

    Do you have any information to back any of that up? It sounds like pure conjecture on your part.

    You do not remember the whole outrage from police departments around the country about Apple making the phone too easy to steal and an not way to disable the phone, This was Apple fix prior to them introducing the touch ID. Where have you been the last 10 yrs.
  • Reply 9 of 13
    macxpressmacxpress Posts: 4,979member
    T man said:
    There is still a way. Think people think. Very easy!!!!! You can still verify icloud by other means. Apple not so smart
    Uhhhh what?
    watto_cobra
  • Reply 10 of 13
    mr. hmr. h Posts: 4,740member
    maestro64 said:

    okay, this is the feature Apple put because the Police were complaining that iphone got stolen more time than any other phone and the Authorities what a way that could local a phone to make it worthless to the person who stole it. So know the thieve are using it against the people the police thought they were protecting. With the new phone with touch ID, you do not need this, is some steals your phone it is worthless if you have touch ID.

    See what happen when the Police and Authorities come up with a solution to their so called problem, they make it less safe for the rust of us.

    This doesn't have anything to do with Touch ID. It's related to Find My iPhone, which can be activated/deactivated independently of Touch ID. If you turn on Find My iPhone, then it should be impossible to wipe/restore etc. that iPhone without the iCloud account details entered when Find My iPhone was originally activated. The page that Apple have taken down was a tool that allowed you to check if Find My iPhone was turned on for a particular device.

    What I've been really surprised and disappointed by in the last couple of days is the discovery that Apple stores some devices' serial numbers in plain text form in a re-writable location on the devices' SSDs! This means people have been able to remove the SSD chip, use the iCloud lock status page to find a serial number that isn't locked, then write that serial number to the SSD, and replace the SSD in the device. If the serial number was stored in encrypted format using a private key none of this would have happened! This is entirely Apple's fault for poorly implementing this feature.
    edited January 2017 netmagegatorguy
  • Reply 11 of 13
    macguimacgui Posts: 1,470member
    maestro64 said:See what happen when the Police and Authorities come up with a solution to their so called problem, they make it less safe for the rust of us.
    Yes, Einstein, robberies in which iPhones are stolen, plummet. Law enforcement agencies in SF and NY among others have reported significant decreases since Apple implemented Activation Lock.

    Yeah, that's a bad thing./s
  • Reply 12 of 13
    macguimacgui Posts: 1,470member

    maestro64 said:

    okay, this is the feature Apple put because the Police were complaining

    No it wasn't. Activation Lock was the feature that resulted from the request. The website was never requested. That was something Apple did on their own, and they decided to take it down. 

    Given the gear needed to accomplish the change, I have to wonder how many stolen phones were actually reactivated.
Sign In or Register to comment.