Thieves can disable Find My iPhone and delete your iCloud account thanks to security glitch in iOS 7

Thieves can disable Find My iPhone and delete your iCloud account thanks to security glitch in iOS 7
With iOS 7, the only way to delete an iCloud account or restore a wiped device, is to disable Find My iPhone. And the only way to disable Find My iPhone is to enter your Apple ID password. Apple did this to prevent thieves from avoiding detection from the Find My iPhone application. But it seems that there is a way for the bad guys to bypass this security set-up. Going to the iCloud settings panel, you need to press "delete account" at the same time you click on the switch to disable Find My iPhone. That combination, done at the same time, requires a bit of dexterity, but it can be done.

You then will be prompted to enter a password at which time you hold down the power button and turn off your handset. When you reboot the iPhone, you can then go into the iCloud setting panel and remove the account without being asked for a password. It will then allow anyone to plug the phone into iTunes and restore it with no questions asked. And with Find My iPhone disabled, the Activation Lock will not save you.

We would expect to see Apple working feverishly on a fix for this problem. The last thing you want to happen if your iPhone is stolen is for the thieves to remove your iCloud account, making it much easier for them to find a buyer for the device.



source: MiguelAlvarado, 9to5Mac via Gizmodo

FEATURED VIDEO

48 Comments

1. palmguy

Posts: 982; Member since: Mar 22, 2011

Can I say it? "It just works" :)

4. Mxyzptlk unregistered

It does just works.

8. VZWuser76

Posts: 4974; Member since: Mar 04, 2010

It does just work, not works.

12. jroc74

Posts: 6023; Member since: Dec 30, 2010

Apple, iPhone, iPad troubleshooting forum sections says other wise. I dont think there is a need for me to post macrumors forum sections..I spent enough time there when I was actually interested in Apple some years ago to know it..... doesnt .....just works.....

13. networkdood

Posts: 6330; Member since: Mar 31, 2010

Wrong, as usual...

15. PBXtech

Posts: 1032; Member since: Oct 21, 2013

If you mean it works to get people to repeat buy, no matter what problems exist, then yes, it does just work.

21. tedkord

Posts: 17356; Member since: Jun 17, 2009

Disabling security after you steal the iPhone apparently does just work.

27. DigitalJedi_X2

Posts: 346; Member since: Jan 30, 2012

Clearly... It doesn't.

29. InspectorGadget80 unregistered

see this blind guy doesn't realize everything have A GLITCH. even this article say's HACKERS can steal your account.

34. fireblade

Posts: 717; Member since: Dec 27, 2013

yeah, the glitch works too

11. jroc74

Posts: 6023; Member since: Dec 30, 2010

lol.... Boy oh boy...one thing I do see less of now....is iPhone fanboys claiming this. Articles like this must be driving home the point that nothing is perfect....nothing...:"just works"

23. mafiaprinc3

Posts: 585; Member since: May 07, 2012

nothing new for IOS, always some easy bypass to their so called secure OS

32. cgarcia2606

Posts: 1; Member since: Apr 03, 2014

is simple trigger restrictions, modify accounts assign a password to modify the restrictions and even this activated my iCloud icon and go!

36. irbaaz

Posts: 175; Member since: Mar 27, 2014

Not on iphone 5 atleast... In 7.0.6 their was other method that use to work flawlessly and tried it that and it was worling.. But in 7.1 it is fixed

2. palmguy

Posts: 982; Member since: Mar 22, 2011

But I don't get it. They come out with 1 (and a half this year) phone per year. One major software update per year. How did they miss this?

9. PBXtech

Posts: 1032; Member since: Oct 21, 2013

And they have control over the hardware and software sides. I know bugs happen, but iOS7 has been riddled with them more than a company the size and wealth of Apple should be having.

3. stealthd unregistered

So they need to know your phones passcode to do this then. That doesn't sound as bad as they're making it out to be.

7. VZWuser76

Posts: 4974; Member since: Mar 04, 2010

I think they said to enter a password. I believe what they're implying is you enter "a new password", not the phone owner's password. And then after the reboot, the delete the iCloud account, making the phone free to use on any account. Basically it would be the same as doing a factory reset on an Android phone. At that point the only way to tell if it was stolen would be with the serial number, but according to this article, the system would see it like the owner removed the device from their account, just as if they were going to sell it. If so, that's bad. The bad thing about articles like this is it basically gives would be thieves a roadmap to do this. If they instead just said what the end result is, without giving away the "how to" part, it would make them work harder to find that info.

22. stealthd unregistered

The point here is that when Find My iPhone is enabled on a device, it's supposed to require the Apple ID/password (not the device's passcode) to do a factory reset. This glitch allows you to bypass that, but it only works if you have access to the settings app, which you'd only get by getting past the lockscreen. There's also the possiblity that the device's owner could use the Find My iPhone service to remotely lock the device. That'll only work if they can do it before the thief takes advantage of this glitch though.

28. VZWuser76

Posts: 4974; Member since: Mar 04, 2010

I've never had my lock screen password protected, mainly because 90% of my time is spent on a farm, and I have no passwords or financial stuff stored on my phone, and it is theft insured. But I'd guess the majority of phone users either don't know about or don't care about security.

41. zokee

Posts: 4; Member since: Jun 07, 2014

your spot on , change hes pass word to what ever u like, re boot and delete. on ya mate!!!

5. Sauce unregistered

This was a joke. The guy said it himself lol. Boy does PA research anything these days? Didn't they just tell some other story about a text campaign the made zero sense? Lollll.. Editors/Authors: If you see this…you need to do a better job.

31. techperson211

Posts: 1280; Member since: Feb 27, 2014

Yeah it was a joke..... And a real one.

42. zokee

Posts: 4; Member since: Jun 07, 2014

change hes pass word to what ever u like, re boot and delete

33. roscuthiii

Posts: 2383; Member since: Jul 18, 2010

Well, Alan F. will pretty much just post any Apple story he sees out there on the interwebs as long as it has the uppercase A, or a lower case i... And editors? I'm not even sure there's an editor, much less editors.

6. Anshulonweb

Posts: 468; Member since: Feb 07, 2014

buy an iPhone they said...it is very secure and bug free they said

30. InspectorGadget80 unregistered

and they say it WORKS. not really

10. PapaSmurf

Posts: 10457; Member since: May 14, 2012

I removed the iCloud lock from a company phone. That iPhone 4 is now wiped and lock free.

14. networkdood

Posts: 6330; Member since: Mar 31, 2010

iArrogance

16. StraightEdgeNexus

Posts: 3689; Member since: Feb 14, 2014

Thats pretty cool man. Just works. Perfect privacy and security. No virus and no lags.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.