Apple has done a lot to keep iPhones safer from thefts over the last year or so, most notably in the introduction of Activation Lock with iOS 7. But now Dutch publication De Telegraaf(via MacRumors) reports that two hackers dubbing themselves AquaXetine and MerrukTechnolog have found a way around Apple’s usually effective system for keeping user data safe.
Specifically, the two hackers managed to find a way around Activation Lock, thus allowing thieves with malicious intentions to resell stolen iPhones. Worse yet, their method may even grant thieves access to passwords for Apple IDs and any information store in iCloud. The pair claim they worked on exploiting the vulnerability for five months and broke it by posting a dummy computer between the iPhone and Apple servers, leaving iOS to believe it’s communicating with Apple.
The duo have reportedly used the vulnerability to unlock 30,000 iPhones just over the last few days (although they claim in the article they have consumer safety in mind rather than cash). They reported contacted Apple about the vulnerability way back in March, but after receiving no word from the tech giant, they went public with the information in the hopes that it may spur some action.
Initially it was thought that an SSL bug in iTunes for Windows was the culprit (via iPhone in Canada), but AquaXetine laughed off the suggestion in a post on Twitter this afternoon. Here’s to hoping Apple gets it fixed soon.
Follow this article’s writer, Leif Johnson, on Twitter.
More: continued here