Slashdot Mirror


How Hackers and Scammers Break Into iCloud-Locked iPhones (vice.com)

Motherboard's Joseph Cox and Jason Koebler report on the underground industry where thieves, coders, and hackers work to remove a user's iCloud account from a phone so that it can then be resold. They reportedly are able to do this by phishing the phone's original owners, or by scamming employees at Apple Stores, who have the ability to override iCloud locks. The other method (which is very labor intensive and rare) involves removing the iPhone's CPU from the logic board and reprogramming it to create what is essentially a "new" device. It is generally done in Chinese refurbishing labs and involves stealing a "clean" phone identification number called an IMEI. Here's an excerpt from their report:

Making matters more complicated is the fact that not all iCloud-locked phones are stolen devices -- some of them are phones that are returned to telecom companies as part of phone upgrade and insurance programs. The large number of legitimately obtained, iCloud-locked iPhones helps supply the independent phone repair industry with replacement parts that cannot be obtained directly from Apple. But naturally, repair companies know that a phone is worth more unlocked than it is locked, and so some of them have waded into the hacking underground to become customers of illegal iCloud unlocking companies.

In practice, "iCloud unlock" as it's often called, is a scheme that involves a complex supply chain of different scams and cybercriminals. These include using fake receipts and invoices to trick Apple into believing they're the legitimate owner of the phone, using databases that look up information on iPhones, and social engineering at Apple Stores. There are even custom phishing kits for sale online designed to steal iCloud passwords from a phone's original owner. [...] There are many listings on eBay, Craigslist, and wholesale sites for phones billed as "iCloud-locked," or "for parts" or something similar. While some of these phones are almost certainly stolen, many of them are not. According to three professionals in the independent repair and iPhone refurbishing businesses, used iPhones -- including some iCloud-locked devices -- are sold in bulk at private "carrier auctions" where companies like T-Mobile, Verizon, Sprint, AT&T, and cell phone insurance providers sell their excess inventory (often through third-party processing companies.)

7 of 73 comments

  1. Stolen iPhone by Dan+East · · Score: 4, Interesting

    Very interesting timing on this story. Friday my son's iPhone 7 was stolen at school around 11 AM. Before he made it home at 3 PM his iPhone had been taken over - he had emails between 2:42 and 2:45 showing where someone had changed his gmail password, logged into his gmail account on a different phone, changed the password on his Apple account (which used the gmail account for the Apple ID), and disabled Find My Phone on his stolen phone (and the email from Apple helpfully indicated that now the device could be reset and logged into without the Apple ID credentials). The IP address that was done from was at his high school (the phone did not have cellular service - he used it with WiFi only).

    I'm still trying to wrap my head around the fact that someone at this relatively small school knew how to take over an iPhone locked with a 6-digit passcode. It appears that gmail was the weak link here. My guess as to what happened is that since the Google apps were installed on the iPhone, when a "lost password" was triggered from a different phone, Google sent a reset code to the stolen phone. I haven't bothered to try and test this, but my hunch is that the reset code that Google sent to his phone was a notification accessible while the phone was locked.

    The lesson I have learned here (in any case, since the first step that occurred was his Google account password was changed and logged into from a different phone) is NEVER use gmail addresses for your Apple ID. That was the attack vector, and if it is too easy for someone to change your gmail password, then it's too easy for them to take over your hardware devices as well.

    --
    Better known as 318230.
    1. Re:Stolen iPhone by sessamoid · · Score: 3

      Always nice to have random strangers on the internet giving unsolicited parenting advice.

      --
      "No, no, no. Don't tug on that. You never know what it might be attached to."
    2. Re:Stolen iPhone by Mortimer82 · · Score: 3, Informative

      That sucks, clearly a well planned theft by someone in the know. Did you not have 2FA enabled on your Gmail? I personally use their Authenticator app.

      Having at one point in my life done customer service for World of Warcraft, I cannot recommend enough that everyone use Authenticator options wherever available for online accounts, especially high value ones such as Gmail. While in your case it was clearly someone based at the school, in general there is an enormous industry in the business of compromising accounts of all types.

    3. Re:Stolen iPhone by Dan+East · · Score: 4, Informative

      My son worked as a dishwasher and saved up for it. He bought it for $100 from a friend that upgraded their phone. But thank you for your parenting advice. Actually yesterday I went to the local pawn shop and bought a ZTE phone for $10 that he's using for snapchat, etc, for now.

      --
      Better known as 318230.
    4. Re:Stolen iPhone by Dan+East · · Score: 2

      If you have access to the Apple account, you can remote wipe the phone, which removes the pin. However you still have to log into the device with the Apple account ("Activation Lock"), which as I indicated had been taken over by the thief.
      https://support.apple.com/kb/P...

      --
      Better known as 318230.
  2. Re:Stupid game... by berj · · Score: 2

    Personally I'd rather that my phone is less likely to be attractive to a thief and thus less likely to be stolen. Activation lock (and the like from other manufacturers) have caused phone thefts to drop. People still steal them but it's a less attractive target since they know all the work that has to go into unlocking them. That's good enough for me.

    As for ending up in a landfill.. the article shows that that doesn't happen. They end up getting sold off for parts or for people who for some reason are willing to put in the work.

    Heck.. since you feel the way you do then just turn off the feature. Nobody's forcing you to leave it on. Now thieves can do as they like once they've got your phone. Easy peasy.

  3. Re: Stupid game... by MikeDataLink · · Score: 2

    There's a very minimal decrease in probability of being stolen

    Absolutely false. There has been a huge drop in smartphone thefts worldwide thanks to this technology. Stop spreading FUD.

    --
    Mike @ The Geek Pub. Let's Make Stuff!