Apple is too late in fixing a flaw in its iCloud activation mechanism that leaves iOS users vulnerable to a man-in-the-middle attack, allowing easy restore of lost iDevices without authentication, a team of hackers claims.
Going by the names AquaXetine and MerrukTechnolog, a group of hackers from the Netherlands and Morocco has released a hack, “doulCi” (“iCloud” backward), that can essentially compromise the security of Apple’s iCloud system for locking iOS devices.
The so-called “doulCi” hack is described as “the world’s first Alternative iCloud Server, and the world’s first iCloud Activation Bypass.”
Dutch publication De Telegraaf reports that the “doulCi” hack will unlock stolen iPhones by bypassing Activation Lock and give hackers access to Apple ID passwords and other personal information stored in Apple’s iCloud service.
The group said that they contacted Apple about this vulnerability long ago, but the company never responded, prompting them to go public with the information.
AquaXetine also tweeted that Apple had contacted him about the hack on Wednesday, but he deleted the email.
“They have asked me to contact [them] as quickly as possible, but why now?” AquaXetine said in an email to Cult of Mac. “I’ve already warned Apple couple months ago.”
The hackers have reportedly worked on the security flaw for the last five months, studying the transmission of data between an iDevice and Apple’s iCloud services. The group said that it was easy to unlock a locked iDevice by placing a computer between the locked iDevice and Apple’s servers.
The doulCi website has detailed information on how the hack works and disclaimers that suggest the hack should be used by the rightful owners of the iDevice who have forgotten their login info.
The hackers claim to have unlocked 30,000 iPhones in the past few days using this technique. Twitter seems to be flooded with tweets thanking the two hackers. Most of the tweets are from outside the U.S.; for example, a Twitter user from the Philippines and another from Asia tweeted pictures of unlocked iPhones.