Hackers can access iCloud-locked iPhones using fake receipts and phishing kits
Hackers, Thieves, and Repair Shops Access iCloud-Locked iPhones, Here’s How
Hackers, thieves, and repair shops have discovered a new way to bypass the ‘Find My iPhone’ feature on iCloud-locked iPhones so that they can sell stolen or non-stolen devices, according to a report from Motherboard.
For those unaware, “Find my iPhone” is an app and service from Apple, which lets you locate, lock down or wipe your lost iPhone, iPad, iPod, or Macbook and requires a password to continue. Apple had introduced this feature in 2013 to safeguard people’s information stored on their iPhones.
In order to keep iPhones secure and make it less valuable targets to would-be thieves, iPhones can be associated only to one iCloud account at a time. This means that the hackers and thieves need to figure a way out to remove the iCloud account from the iPhone in order to sell the stolen device to someone else or for someone new to use it. The iCloud account can only be removed by entering the Apple ID password.
“The iCloud security feature has likely cut down on the number of iPhones that have been stolen, but enterprising criminals have found ways to remove iCloud in order to resell devices. To do this, they phish the phone’s original owners, or scam employees at Apple Stores, which have the ability to override iCloud locks. Thieves, coders, and hackers participate in an underground industry designed to remove a user’s iCloud account from a phone so that they can then be resold,” according to Motherboard.
In order to get into iCloud-locked iPhones, thieves are now producing fake receipts and invoices to fool Apple into believing that they are the actual owners of the phone. While the tricks include social engineering at Apple Stores, there are also “custom phishing kits for sale online designed to steal iCloud passwords from a phone’s original owner,” mentions Motherboard.
Additionally, a few hackers also reprogram stolen iPhones with a new IMEI. Besides this, there are also forums for the hacker community where they share new methods and tips to break into locked iPhones.
Even some unnamed repair companies have become actual customers of companies that illegally reset and reactivate the iCloud-locked iPhone.
“There are many listings on eBay, Craigslist, and wholesale sites for phones billed as ‘iCloud-locked,’ or ‘for parts’ or something similar,” added Motherboard. “While some of these phones are almost certainly stolen, many of them are not. According to three professionals in the independent repair and iPhone refurbishing businesses, used iPhones — including some iCloud-locked devices — are sold in bulk at private ‘carrier auctions’ where companies like T-Mobile, Verizon, Sprint, AT&T, and cell phone insurance providers sell their excess inventory (often through third-party processing companies.)”
Basically, in the event your iPhone is stolen or lost, ensure that you change the password of your iCloud account immediately. Further, beware of phishing scams and carefully check the addresses or URLs of the websites you visit, especially login pages. It is recommended to keep a unique password not only for your iCloud account but also for every other online account. Also, ensure that you have enabled two-step authentication on your iCloud account.
The author Kavita Iyer
An individual, optimist, homemaker, foodie, a die hard cricket fan and most importantly one who believes in Being Human