Anonymous hacker exploits iCloud security flaw
24 May 2014
An anonymous hacker is reported to have exploited an iCloud security flaw on Wednesday. The hacker, who is said to use the handle AquaXetine, told Cult of Mac via email that he had been contacted by Apple after he discovered the security flaw.
"They have asked me to contact [them] as quickly as possible, but why now?" AquaXetine said in the email. "I've already warned Apple couple months ago." Cult of Mac reportedly confirmed that the email had been received from Apple.
The site further reported that the hack was the first of its kind, bypassing iCloud security systems on locked iOS devices.
The free DoulCi site, which according to Cult of Mac was down on Wednesday but back up the next morning, could be used to trick the Activation Lock of a locked iOS device into thinking that it was "talking to Apple's iCloud servers when connected to a computer."
The Activation Lock mechanism helps prevent a thief from resetting and wiping a stolen iOS device without entering the actual owner's Apple ID and password, an anti-theft measure to discourage thieves from stealing and resetting iPhones.
Meanwhile, a hacker group has claimed an exploit that allows the regaining of lost or stolen iPhones that had been deactivated via iCloud, reports Apple Insider.
The activation lock feature of iCloud is specifically designed to "[make] it harder for anyone to use or sell your iPhone, iPad, or iPod touch if it's ever lost or stolen." As soon as users realised their iPhone was missing in such a way that they would never see it again, they could deactivate their device to protect their contacts, email, and photographs from being seen by prying eyes.
The hacker group Team DoulCi said it was able to reactivate and use phones that had been disabled by activation lock.
Security researcher Mark Loman said this was possible using a Windows PC because "the Windows version of iTunes does not properly verify security certificates."