Skip to main content

Hackers Allegedly Bypass iOS Activation Lock

Have hackers killed the iOS kill switch? So claims a pair of hackers, who say they've found a way to hijack the connection between a lost and locked iPhone and Apple's servers, thus unlocking the phone and undermining Apple's much-vaunted "Activation Lock" anti-theft protection. 

Activation Lock is a feature introduced in iOS 7 that lets users remotely put their phone into Lost Mode or remotely wipe the phone of its sensitive data. In Lost Mode, the phone will display a custom message (such as "This phone is lost: please return to so-and-so") and can only be unlocked with its proper user's Apple ID and password—even if the phone is wiped. This is meant to make it impossible for thieves to resell stolen phones.

MORE: Smartphone Kill Switch: What It Is, How It Might Work

Smartphone anti-theft features such as Apple's Activation Lock are generally known as "kill switches," and many United States politicians and law enforcement officials have been pushing to make them legally mandatory for all smartphones.

Enter the pair of hackers known as AquaXetine and MerrukTechnolog. Hailing from the Netherlands and Morocco, the two told Dutch newspaper De Telegraaf that they can bypass Activation Lock by inserting their own computer in the middle of the connection between a locked iPhone and Apple's servers. The iPhone then believes that the hackers' computer is Apple's servers, and will accept a command to unlock itself, thus exposing any data still on the lost phone and making it easy for criminals to resell the iPhone.

The hackers told De Telegraaf that they alerted Apple about this critical issue in late March, and that Apple did not respond, which is why they are now going public with the information. Before that, they spent five months studying the way data passes from iOS devices to Apple's iCloud servers before they figured out their hack.

AquaXetine and MerrukTechnolog have not revealed how they accomplish this iOS Activation Lock hack, though AquaXetine said on Twitter that they are not using an SSL bug (SSL is a protocol for encrypting data in transit). The hackers told De Telegraaf they have unlocked 30,000 iPhones in the past few days. Thus far Apple has not commented on the issue.

Users concerned about the ability to protect lost or stolen iOS devices can use a third-party anti-theft app such as Lookout, which also lets users remotely lock, locate and wipe their phones.

Email jscharr@techmedianetwork.com or follow her @JillScharr and Google+.  Follow us@TomsGuide, on Facebook and on Google+.

  • house70
    Third-party apps should be better than anything Apple could put out, anyways. Apple is too busy paying their lawyers; coders are a second thought.
    Reply
  • ptmmac
    There is no excuse for printing the hacker handle of theives such as these. There is no other possible use for this except to unlock stolen goods to increase their value to those who stole them. What ever happened to any sense of integrity?
    Reply
  • RCguitarist
    There is no excuse for printing the hacker handle of theives such as these. There is no other possible use for this except to unlock stolen goods to increase their value to those who stole them. What ever happened to any sense of integrity?

    Those guys don't appear to be thieves. They alerted apple and are not revealing to the public how to do it. They are helping get things fixed.
    Reply
  • sinclaj1
    This is the part that scares me: "they spent five months --- ***studying the way data passes from iOS devices to Apple's iCloud servers*** --- before they figured out their hack."
    Reply
  • derekullo
    Where do you find 30,000 IPhones to "test" with?
    Reply
  • computernerdforlife
    There are some of us who have a younger sibling who forgot their apple/icloud password and chose to use a random security question of which they cannot recall. We called Apple and they want a proof of purchase from Christmas last year for the device. My in-laws do not have that so they refused to help altogether. I was blown away.

    Their must be at least a few circumstances where young people forget their password AND their recovery password for their e-mail (which is typically the same), and their security question does not help. My in-law is bullied at school so he chose another date of birth as his security question so his bullies don't harass his Apple account. Anyhow, I look forward to bypassing this so I can return his Apple device in a working state.
    Reply
  • das_stig
    2 months and Apple haven't took their heads out of their collective backsides. This is what happens when a company gets too big and ignores its users. Microsoft have sort of learnt this, Google are slowly getting there, Apple and Facebook are in LA LA land !
    Reply
  • GlassFTW
    IOS IS A GLORIFIED APP LAUNCHER FULL OF SECURITY HOLES.

    AT HACKER CONS, APPLE PRODUCTS ARE ALWAYS THE FIRST TO FALL!
    Reply
  • dro2
    "have not revealed how they accomplish this iOS Activation Lock hack"..lol Then it's BS until they do.
    Reply
  • dro2
    IOS IS A GLORIFIED APP LAUNCHER FULL OF SECURITY HOLES.

    AT HACKER CONS, APPLE PRODUCTS ARE ALWAYS THE FIRST TO FALL!

    The fact you're typing in all capital shows your intelligence and maturity level.
    Reply