Roger Fingas
Apple's removal of the iCloud Activation Lock status page last week was likely connected to hacks letting people bypass the Activation Lock system, a report noted on Monday.
By changing one or two characters in an invalid serial number, it becomes possible to stumble across a value that will crack a bricked Apple device. The status check page made this a realistic option, since hackers could simply keep plugging in new characters there until they found something that worked.
The flaw, first pointed out by MacRumors might also explain some glitches encountered since September, in which people suddenly find their devices locked to an unknown Apple ID and can't regain control without Apple's help.
Complaints along those lines have revolved around the iPhone 6s, 7, and their Plus equivalents, but could conceivably apply to any device with Activation Lock, such as an iPad, iPod touch, or Apple Watch.
Online Activation Lock checks previously made buying a used Apple device more reliable, since shoppers could ask for an IMEI or serial number and verify it before sending any money. Without that system, the only way of checking is in person, which probably isn't an option if the seller is in another city or a buyer is worried about being robbed.
The black market could take advantage of the new situation, since thieves can more easily unload stolen goods.
Other Activation Lock vulnerabilities have been exposed in the past. In November, a researcher showed that it was possible to bypass the system on an iPad by flooding Wi-Fi logins with long character strings and repeatedly opening and closing a Smart Cover.
Sponsored Content
Wesley Hilliard
AppleInsider Staff
Andrew Orr
Amber Neely
William Gallagher
13 Comments
Pojnt is Apple is not talking and they should be explaining why they did it.
the page was only blocked from the Mac, works just fine from iPad, like Tim's iPad
It is very inconvenient for buyer to not know if used iphone is iCloud lock or not before meeting seller. But, this also makes potential buyers to not send money before meeting in seller and check out "Find my iPhone" is OFF and same time patiently check other issues with iphone before handing over the cash. Not sure how this sentence from article is true ? "The black market could take advantage of the new situation, since thieves can more easily unload stolen goods." There is no difference to those shady people with or without tool how they fool buyers. It is up to buyer, long as buyer don't pay unless have good working iphone in his/her hand before paying. Actually, this will force seller/buyer to meet at cell carrier place to verify and get iphone properly activated.
okay, this is the feature Apple put because the Police were complaining that iphone got stolen more time than any other phone and the Authorities what a way that could local a phone to make it worthless to the person who stole it. So know the thieve are using it against the people the police thought they were protecting. With the new phone with touch ID, you do not need this, is some steals your phone it is worthless if you have touch ID.
See what happen when the Police and Authorities come up with a solution to their so called problem, they make it less safe for the rust of us.