Vulnerability detected that allows iOS 7 Activation Lock protection to be bypassed
From a Dutch technology website, we have received news of the discovery of a vulnerability in iTunes that could easily trigger the iCloud reactivation of an iOS-enabled device when its access has been blocked.
Two hackers, who belong to the DoulCi group, have developed a utility that would take advantage of this vulnerability to unlock the phones without having to enter the Apple ID or password, i.e. bypassing the Activation Lock protection.
The instructions on its website are very simple, you simply add a ” magic line ” to the “hosts” file of the operating system you are using, connect the terminal to the USB port, run iTunes and wait a few seconds for the tool to skip the authentication of the iCloud activation screen .
DoulCi, which is also the name of the tool, would make use of an alternative server to the iCloud one , which has previously been added to the “hosts” file, which would imitate its behaviour but would not have Apple’s security measures , making it possible to cheat. The main use of the procedure could be when we forget the password or Apple’s ID, although of course there is also the risk of being used with bad intentions by friends of others and the like.
Many users have already tried this method, as shown by the countless posts that have appeared on the Twitter account of its creators. However, at the moment the utility is not available, as the menu entry on the website that gave access to the tool has disappeared, as we have seen when comparing them with the screenshots that accompany the comments of thanks on the social network.
The utility is in beta phase although many users have already proven its effectiveness
The two hackers comment that the vulnerability was brought to Apple’s attention in March but they did not get a response and, moreover, have been quick to clarify that they do not want to make the job easier for the ” friends of others “, nor do they intend to make money out of it, they are simply trying to warn users that the iOS 7 Activation Lock feature is not very secure.
What would seem to be true is that the bug would only affect the Windows version of iTunes and the utility could be used with all iOS devices , except the first generation iPad and iPhone 3GS, although from the web it is said that it is still in the beta phase of development.
After the news was released, the most suspicious have started to raise their voices because they believe that this security hole is there intentionally to allow intelligence departments to access our devices . Others simply consider it ” a childish mistake “.
To conclude, it should also be said that, although some users have not had this problem, others have reported that after unlocking the device, it has been left without the signal of the mobile operator , making the device more like an iPod Touch than an iPhone.
Activation Lock has already been breached, can Apple make the system secure again?
This was not the only issue related to iTunes, as we have been told by Appleinsider, Apple recently had to release a patch to fix a similar issue involving OS X and iOS.
Do you think that Apple should make an effort to avoid these security flaws or do you consider them inevitable ?