One of iOS’ security features is Activation Lock. For those unfamiliar, Activation Lock is basically a mechanism that prevents a thief from resetting and wiping a stolen iPhone unless they enter the owner’s Apple ID and password. This is meant to be an anti-theft measure to discourage thieves from stealing iPhones.
So far the feature has been met with praise, with government officials and lawmakers commending Apple on their efforts. However it seems that no system is without its flaws, and according to two hackers who go by the handles AquaXetine and MerrukTechnolog, they claim to have found a vulnerability in Activation Lock.
The duo claims that this vulnerability not only allows thieves to work around the security mechanism, but could possibly even retrieve Apple ID and passwords and any other information stored on Apple’s iCloud storage service. What they did was that they used a dummy computer which tricked the iPhone into thinking it was Apple’s servers, thus reversing the effects of Activation Lock.
Initially it was thought that the hackers exploited an SSL bug, but one of the hackers has since denied it. The hackers have also attempted to reach out to Apple back in March, but received no word from Apple since then, which prompted them to go public with their findings. Apple has yet to comment on the issue but here’s hoping that they get it fixed ASAP.