Hackers, Thieves, and Repair Shops Access iCloud-Locked iPhones, Hereโs How
Hackers, thieves, and repair shops have discovered a new way to bypass the โFind My iPhoneโ feature on iCloud-locked iPhones so that they can sell stolen or non-stolen devices, according to a report from Motherboard.
For those unaware, โFind my iPhoneโ is an app and service from Apple, which lets you locate, lock down or wipe your lost iPhone, iPad, iPod, orย Macbook and requires a password to continue. Apple had introduced this feature in 2013ย to safeguard peopleโs information stored on their iPhones.
In order to keep iPhones secure and make it less valuable targets to would-be thieves, iPhones can be associated only to one iCloud account at a time. This means that the hackers and thieves need to figure a way out to remove the iCloud account from the iPhone in order to sell the stolen device to someone else or for someone new to use it. The iCloud account can only be removed by entering the Apple ID password.
โThe iCloud security feature has likely cut down on the number of iPhones that have been stolen, but enterprising criminals have found ways to remove iCloud in order to resell devices. To do this, they phish the phoneโs original owners, or scam employees at Apple Stores, which have the ability to override iCloud locks. Thieves, coders, and hackers participate in an underground industry designed to remove a userโs iCloud account from a phone so that they can then be resold,โ according to Motherboard.
In order to get into iCloud-locked iPhones, thieves are now producing fake receipts and invoices to fool Appleย into believing that they are the actual owners of the phone. While the tricks include social engineering at Apple Stores, there are also โcustom phishing kits for sale online designed to steal iCloud passwords from a phoneโs original owner,โ mentions Motherboard.
Additionally, a few hackers also reprogram stolenย iPhonesย with a new IMEI. Besides this, there are also forums for the hacker community where they share new methods and tips to break into locked iPhones.
Even some unnamed repair companies have become actual customers of companies that illegally reset and reactivate the iCloud-locked iPhone.
โThere are many listings on eBay, Craigslist, and wholesale sites for phones billed as โiCloud-locked,โ or โfor partsโ or something similar,โ addedย Motherboard. โWhile some of these phones are almost certainly stolen, many of them are not. According to three professionals in the independent repair and iPhone refurbishing businesses, used iPhones โ including some iCloud-locked devices โ are sold in bulk at private โcarrier auctionsโ where companies like T-Mobile, Verizon, Sprint, AT&T, and cell phone insurance providers sell their excess inventory (often through third-party processing companies.)โ
Basically, in the event your iPhone is stolen or lost, ensure that you change the password of your iCloud account immediately.ย Further, beware of phishing scams and carefully check the addresses or URLs of the websites you visit, especially login pages. It is recommended to keep a unique password not only for your iCloud account but also for every other online account. Also, ensure that you have enabled two-step authentication on your iCloud account.