An anonymous hacker claimed that he has exploited an iCloud security flaw, allowing anyone to unlock a lost or stolen iPhone. Apple contacted him about the matter on Wednesday, but he deleted the email. He claims that he warned Apple months ago, but the company didn’t take him seriously.
The hack bypasses the iCloud security system for iOS devices called Activation Lock. If you use the free DoulCi site, a locked iOS device will think it’s talking to official iCloud servers, when connected to a computer. The hack adds just one line of code to the “hosts” file on a computer; this allows the computer to redirect requests to iCloud servers to DoulCi servers, which will let anyone unlock an iPhone.
iPhone theft represents a large amount of the crime in San Francisco and New York, and lawmakers want all smartphones to have kill switches built-in. Activation Lock was Apple’s response to the problem, but this hack has rendered its security useless.
The hackers claim that they’ve unlocked 5,700 devices in just five minutes, and another 10,000 afterwards.
