A Look at How Hackers, Thieves, and Repair Shops Access iCloud-Locked iPhones [Report]


A new report from Motherboard details the methods used by hackers, thieves, and repair shops to access iCloud-locked iPhones.

iCloud-locked devices have Find My iPhone's Activation Lock feature enabled. This means that an iCloud passcode is required before anyone can turn off Find My iPhone, erase the device, or reactivate and use the device. Often this feature renders stolen iPhone devices useless; however, it can also be a major problem for users who have forgotten their password or for companies who have received Apple devices on trade-in.

The feature has led some muggers to demand victims remove their iCloud account from iPhones before stealing their device. It has also created a complex supply chain of different scams and schemes to unlock devices involving fake receipts, social engineering, custom phishing kits, and more.

Motherboard notes there are three ways to remove an iCloud account from an iPhone:
● The password to the original owner’s iCloud can be entered to remove it, which a hacker could obtain via phishing.
● An Apple Store manager can override iCloud. Scammers can trick Apple Store managers into unlocking a device they don’t own.
● The iPhone's CPU can be removed from the Logic Board and reprogrammed to create what is essentially a “new” device. (This is very labor intensive and rare. It is generally done in Chinese refurbishing labs and involves stealing a “clean” phone identification number called an IMEI.)

Phishing may be the easiest way for a hacker to obtain the original owner's iCloud password. There are even beginner phishing kits available, such as AppleKit and ProKit, that feature support, tutorial videos, a ticketing service, and more.

The iCloud phishing kits come with templates designed to trick a victim into believing that their iPhone was found. These kits allow a hacker to send SMS messages that appear to come from Apple that could trick a victim into giving up their iCloud credentials, and the kits can even generate fake maps of where the victim’s phone has apparently been discovered to further entice them. The kits keep track of a hacker’s list of targets, provide notifications on successful phishes, and some require next to no technical setup, according to tutorial videos on how to use them.

If the victim does not fall for a phishing attack, the next easiest method to obtain access to the device is tricking Apple into unlocking it. The company has an "iCloud Support App" that lets Apple Store employees look up the iCloud status of any phone and also allows managers to "request unlock" of a device. If a customer brings in their original receipt proving they are the owner of the device, Apple will unlock it.

“You formulate a fake receipt, take it to the Apple Store, and say ‘Hey, I forgot my Apple ID information, but here’s a receipt,’” Mick Ventocilla, owner of Lakeshore Tech Repair, told Motherboard. Ventocilla says he doesn't use the method but knows many in the repair industry who do. “They remove it. That’s one of the most common ways.”

Many more details in the full report linked below...
