December 24, 2024
A Look at How Hackers, Thieves, and Repair Shops Access iCloud-Locked iPhones [Report]

A Look at How Hackers, Thieves, and Repair Shops Access iCloud-Locked iPhones [Report]

Posted February 6, 2019 at 8:55pm by iClarified
A new report from Motherboard details the methods used by hackers, thieves, and repair shops to access iCloud-locked iPhones.

iCloud-locked devices have Find My iPhone's Activation Lock feature enabled. This means that an iCloud passcode is required before anyone can turn off Find My iPhone, erase the device, or reactivate and use the device. Often this feature renders stolen iPhone devices useless; however, it can also be a major problem for users who have forgotten their password or for companies who have received Apple devices on trade-in.

The feature has led some muggers to demand victims remove their iCloud account from iPhones before stealing their device. It has also created a complex supply chain of different scams and schemes to unlock devices involving fake receipts, social engineering, custom phishing kits, and more.


Motherboard notes there are three ways to remove an iCloud account from an iPhone:
● The password to the original owner’s iCloud can be entered to remove it, which a hacker could obtain via phishing.
● An Apple Store manager can override iCloud. Scammers can trick Apple Store managers into unlocking a device they don’t own.
● The iPhone's CPU can be removed from the Logic Board and reprogrammed to create what is essentially a “new” device (this is very labor intensive and rare. It is generally done in Chinese refurbishing labs and involves stealing a “clean” phone identification number called an IMEI.)

Phishing may be the easiest way for a hacker to obtain the original owner's iCloud password. There are even beginner phishing kits available such as AppleKit and ProKit that feature support, tutorial videos, a ticketing service, and more

The iCloud phishing kits come with templates designed to trick a victim that their iPhone was found. These kits allow a hacker to send SMS messages that appear to come from Apple that could trick a victim into giving up their iCloud credentials, and the kits can even generate fake maps of where the victim’s phone has apparently been discovered to further entice them. The kits keep track of a hacker’s list of targets, provide notifications on successful phishes, and some require next to no technical setup, according to tutorial videos on how to use them.

If the victim does not fall for a phishing attack, the next easiest method to obtain access to the device is tricking Apple into unlocking it. The company has an "iCloud Support App" that lets Apple Store employees look up the iCloud status of any phone and also allows managers to "request unlock" of a device. If a customer brings in their original receipt proving they are the owner of the device, Apple will unlock it.


“You formulate a fake receipt, take it to the Apple Store, and say ‘Hey, I forgot my Apple ID information, but here’s a receipt,’” Mick Ventocilla, owner of Lakeshore Tech Repair, told Motherboard. Ventocilla says he doesn't use the method but knows many in the repair industry who do. “They remove it. That’s one of the most common ways.”

Many more details in the full report linked below...

Read More


A Look at How Hackers, Thieves, and Repair Shops Access iCloud-Locked iPhones [Report]
Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
iClarified Icon
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
Yes
No
Comments
You must login or register to add a comment...
Recent. Read the latest Apple News.
RECENT
Tutorials. Help is here.
TUTORIALS
Where to Download macOS Sequoia
Where to Download macOS Ventura
AppleTV Firmware Download Locations
Where To Download iPad Firmware Files From
Where To Download iPhone Firmware Files From
Deals. Save on Apple devices and accessories.
DEALS