Apple's anti-theft feature for iOS, Activation Lock, has been compromised by a group of hackers. Two individuals going by the names AquaXetine and MerrukTechnolog claim that they have broken through Activation Lock's security features, which means that stolen devices can be activated with little effort. Just one line of code is all that is needed for people to unlock bricked iDevices, and the hackers have released that code.
Not only can stolen phones and tablets be unlocked, personal information can reportedly be taken from the devices as well. AquaXetine said Apple was contacted before the hackers let the code go public, but because the Cupertino, California-based company did not respond until recently, the hackers decided to move forward in this way. The release has surely gotten the attention of Apple as well as criminals.
Man in the Middle
Once criminals have an iOS device in hand, they can plug it into a Windows computer and perform the attack. Exact details regarding the vulnerability and exploitation have yet to be released, but the attack has been described as a man-in-the-middle exploitation. This means that the hacker's computer tricks Activation Lock into thinking that it is communicating with a secure Apple server.
With AquaXetine and MerrukTechnolog's code, someone with a stolen iOS product can tell that device to unlock, and since they are impersonating Apple, the device will do whatever it is told to do. Instructions have been posted on the team's site and the hackers, operating as "doulCi," say the code is supposed to be used for good and not to unlock stolen devices. Their service is marketed as the first alternative iCloud server, and Activation Lock bypassing is made possible by adding a server address to an operating system's hosts file.
Even though the doulCi service is supposedly meant for individuals who are locked out of their own devices, Twitter is currently filled with photos of people unlocking multiple devices at once. Given that information and common sense, it is obvious that doulCi is meant as a tool for the multimillion-dollar stolen-electronics market.
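The hosts-file change described above leaves a trace an administrator can look for. The following is an added example, not code from the article or from doulCi: it parses hosts-file text and flags any entry that overrides DNS for a name under a watched domain. The watched suffixes, the sample hostnames and the sample addresses are assumptions constructed for illustration; the article does not name the address involved.

```python
import ipaddress

# Assumption: suffixes picked for this example; the article names no address.
WATCHED_SUFFIXES = ("apple.com", "icloud.com")
# Standard hosts-file location on Windows, the platform the article mentions.
WINDOWS_HOSTS = r"C:\Windows\System32\drivers\etc\hosts"

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not a valid address: skip
        for name in fields[1:]:                  # one line may carry aliases
            yield line_no, ip, name.lower().rstrip(".")

def is_watched(name):
    """True only for the suffix itself or a real subdomain of it."""
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)

def find_overrides(text):
    """Return (line_no, hostname, ip, kind) for each watched name overridden."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if is_watched(name):
            # "local" may be a blocklist entry or a listener on this machine;
            # "remote" sends the name to another server. Both merit review.
            local = ip.is_loopback or ip.is_unspecified
            findings.append((line_no, name, str(ip), "local" if local else "remote"))
    return findings

# Constructed sample input (documentation-range addresses, made-up hostnames).
SAMPLE = """\
# constructed sample hosts file
127.0.0.1      localhost
203.0.113.10   placeholder-a.apple.com   # override to a remote server
0.0.0.0        placeholder-b.icloud.com
198.51.100.7   apple.com.example.org
192.0.2.5      fakeapple.com
"""

if __name__ == "__main__":
    for finding in find_overrides(SAMPLE):
        print(finding)
```

To check a real machine, pass the contents of the file at `WINDOWS_HOSTS` to `find_overrides` instead of `SAMPLE`.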
A Known Issue
The hackers have not specified which versions of iOS this will work on, nor have they explained how an elaborate system like Activation Lock can be bypassed with one simple piece of code. However, some information has begun to come out from security researchers like Mark Loman, who said the hack was made possible because of a known issue in iTunes for Windows.
While speaking with iPhone In Canada, Loman said a known SSL issue would allow this sort of hack to take place. Apple released a fix, but the fix was only applied to some pieces of Apple software.
"The problem is with verifying the certificate," Loman said. "Apple appears to have deliberately left out this essential step required for proper secure communication. They fixed it last month for iOS but forgot to fix it for iTunes. But the jailbreak community is already making use of it -- which is how I figured it out."