Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Hackers claim to have exploit for iCloud, use vulnerability to disable Activation Lock

Last updated

A group of hackers calling themselves "Team DoulCi" say that they have figured out a way to execute a man-in-the-middle attack that gives them the ability to intercept users' Apple ID credentials as well as unlock iOS devices that have been made unusable by Activation Lock.

The attack is made possible because the Windows version of iTunes does not properly verify security certificates, according to security researcher Mark Loman of SurfRight. The disclosure was first made on Dutch technology website Tweakers.net.

The hackers, who are not affiliated with Loman, have demonstrated the attack's efficacy by sharing screenshots of what they say are calls to Apple's iCloud activation service. A number of others have chimed in on social media with similar success stories.

Apple recently patched a similar vulnerability in OS X and iOS, but iTunes on Windows remains susceptible. Loman believes that the issue is "either a beginner's mistake, or it was done on purpose" and alleges that it may have been designed to allow intelligence agencies access to iCloud.

Until Apple issues a fix, users are advised not to use iCloud services over public Wi-Fi networks. Users of older iOS devices that no longer receive software updates, such as the first-generation iPad and iPhone 3GS, should exercise particular caution as the vulnerability cannot be patched in those devices.



62 Comments

macsince1988 15 Years · 74 comments

Does this only apply if you are using the Windows version of iTunes?

tnet-primary 13 Years · 242 comments

Insane if that really is a basic development mistake. Why would Apple patch the Mac version, but leave the Windows version vulnerable?

arlor 13 Years · 533 comments

Quote:
Originally Posted by AppleInsider 

Users of older iOS devices that no longer receive software updates, such as the first-generation iPad and iPhone 3GS, should exercise particular caution as the vulnerability cannot be patched in those devices.

 

You mean *will* not be patched. 

gatorguy 13 Years · 24627 comments

http://www.valuewalk.com/2014/05/apple-icloud-hack-by-dutch-hackers/

danielsw 15 Years · 906 comments

[quote name="Arlor" url="/t/179912/hackers-claim-to-have-exploit-for-icloud-use-vulnerability-to-disable-activation-lock#post_2537621"] You mean *will* not be patched.  [/quote] No matter the wording, those who don't upgrade are like animals who can't keep up with the herd and become easy prey to jackals and the like.