Have hackers killed the iOS kill switch? So claims a pair of hackers, who say they've found a way to hijack the connection between a lost and locked iPhone and Apple's servers, thus unlocking the phone and undermining Apple's much-vaunted "Activation Lock" anti-theft protection.
Activation Lock is a feature introduced in iOS 7 that lets users remotely put their phone into Lost Mode or remotely wipe the phone of its sensitive data. In Lost Mode, the phone will display a custom message (such as "This phone is lost: please return to so-and-so") and can only be unlocked with its proper user's Apple ID and password—even if the phone is wiped. This is meant to make it impossible for thieves to resell stolen phones.
Smartphone anti-theft features such as Apple's Activation Lock are generally known as "kill switches," and many United States politicians and law enforcement officials have been pushing to make them legally mandatory for all smartphones.
Enter the pair of hackers known as AquaXetine and MerrukTechnolog. Hailing from the Netherlands and Morocco, the two told Dutch newspaper De Telegraaf that they can bypass Activation Lock by inserting their own computer in the middle of the connection between a locked iPhone and Apple's servers. The iPhone then believes that the hackers' computer is Apple's servers, and will accept a command to unlock itself, thus exposing any data still on the lost phone and making it easy for criminals to resell the iPhone.
The hackers told De Telegraaf that they alerted Apple about this critical issue in late March, and that Apple did not respond, which is why they are now going public with the information. Before that, they spent five months studying the way data passes from iOS devices to Apple's iCloud servers before they figured out their hack.
AquaXetine and MerrukTechnolog have not revealed how they accomplish this iOS Activation Lock hack, though AquaXetine said on Twitter that they are not using an SSL bug (SSL is a protocol for encrypting data in transit). The hackers told De Telegraaf they have unlocked 30,000 iPhones in the past few days. Thus far Apple has not commented on the issue.
Users concerned about the ability to protect lost or stolen iOS devices can use a third-party anti-theft app such as Lookout, which also lets users remotely lock, locate and wipe their phones.