Previewed at WWDC, launching in the fall.
iOS 7 Bug Allows Disabling of 'Find My iPhone' Without Password
A bug in the current version of iOS 7 appears to allow users to disable Find my iPhone on a device without typing in a password, which effectively hides it from being located on iCloud.com.
Deactivating Find My iPhone takes just a few simple steps and it can be easily repeated on devices running the current version of iOS (7.0.4). The exploit involves making a few simple changes to the iCloud account section of the Settings app.
Video via Bradley Williams
MacRumors has been able to successfully replicate this bug on an iPhone and an iPad running iOS 7.0.4, but could not get it to work on a device running iOS 7.1, so the flaw will likely be fixed with the upcoming update.
This is a potentially serious bug as Find My iPhone is a useful method of locating a lost device. While this exploit does disable Find My iPhone and allow for an iOS device to be erased, it does not remove Apple's Activation Lock theft deterrent system. After being erased, the device will remain locked to the original account and continue to ask for that Apple ID and password during the setup process to resume functionality.
The bypass only works on a device that does not have Touch ID or a Passcode enabled, as the exploit requires access to the Settings menu. To avoid having Find My iPhone disabled, users should update their phones with a Passcode and install iOS 7.1 when Apple releases the software.
MacRumors has contacted Apple for comment on the exploit and we will update if we receive new information.
Deactivating Find My iPhone takes just a few simple steps and it can be easily repeated on devices running the current version of iOS (7.0.4). The exploit involves making a few simple changes to the iCloud account section of the Settings app.
MacRumors has been able to successfully replicate this bug on an iPhone and an iPad running iOS 7.0.4, but could not get it to work on a device running iOS 7.1, so the flaw will likely be fixed with the upcoming update.
This is a potentially serious bug as Find My iPhone is a useful method of locating a lost device. While this exploit does disable Find My iPhone and allow for an iOS device to be erased, it does not remove Apple's Activation Lock theft deterrent system. After being erased, the device will remain locked to the original account and continue to ask for that Apple ID and password during the setup process to resume functionality.
The bypass only works on a device that does not have Touch ID or a Passcode enabled, as the exploit requires access to the Settings menu. To avoid having Find My iPhone disabled, users should update their phones with a Passcode and install iOS 7.1 when Apple releases the software.
MacRumors has contacted Apple for comment on the exploit and we will update if we receive new information.
[ 105 comments ]
Top Rated Comments
(View all)
57 months ago
Don't you folks at MacRumors realize that by posting a thread like this, you tip off thieves to a way of successfully thwarting Apple's find-my-iphone security. Maybe this should not be posted?!?!?!? Now you've given every thief who monitors this site a head start until Apple fixes. Well done MacRumors!!!!
57 months ago
Don't you folks at MacRumors realize that by posting a thread like this, you tip off thieves to a way of successfully thwarting Apple's find-my-iphone security. Maybe this should not be posted?!?!?!?
I'd rather want to know about these issues to be aware of security risks, especially when there is an effective solution to this bug:
The bypass only works on a device that does not have Touch ID or a Passcode enabled, as the exploit requires access to the Settings menu.
57 months ago
This is there to remind people to set up a passcode to unlock the iPhone to begin with. remember, the can't exploit this if the can't get past the lock screen.
57 months ago
This is why you use a pass code folks. This is also why Touch ID is awesome, since it addresses convenience, one of the main reasons people don't use pass codes.
57 months ago
Wake up
"Don't you folks at MacRumors realize that by posting a thread like this, you tip off thieves blah blah"
Teachable moment: the way to ensure that security flaws get fixed asap, as they should be, is to release information about them publicly.
I know it seems counter-intuitive, but the fact is that trying to keeping exploits hush-hush until they can be fixed doesn't work. Those who could fix the problem take longer to get around to it, thieves always find out anyway, and the only people in the dark about the situation are legitimate device owners.
Now all of us know about the problem and several ways it can be prevented or mitigated. To withhold that information would have been blind and stupid.
"Don't you folks at MacRumors realize that by posting a thread like this, you tip off thieves blah blah"
Teachable moment: the way to ensure that security flaws get fixed asap, as they should be, is to release information about them publicly.
I know it seems counter-intuitive, but the fact is that trying to keeping exploits hush-hush until they can be fixed doesn't work. Those who could fix the problem take longer to get around to it, thieves always find out anyway, and the only people in the dark about the situation are legitimate device owners.
Now all of us know about the problem and several ways it can be prevented or mitigated. To withhold that information would have been blind and stupid.
57 months ago
I don't keep a password on my iPhone but this could never happen to me. :)
Settings, General, Restrictions, Accounts, DO NOT ALLOW CHANGES
This means iCloud along with all my email accounts, etc. are "greyed out" in Settings and cannot be modified without enabling changes in Restrictions which requires my passcode.
Settings, General, Restrictions, Accounts, DO NOT ALLOW CHANGES
This means iCloud along with all my email accounts, etc. are "greyed out" in Settings and cannot be modified without enabling changes in Restrictions which requires my passcode.
57 months ago
There is always some obscure security bug that affects iOS. I find it astonishing that Apple done know about them and equally that people find them.
Keyword - OBSCURE.
Stuff happens. Apple will fix it quickly.
57 months ago
MacRumors has contacted Apple for comment on the exploit and we will update if we receive new information.
You really think Apple will talk about product exploits to a random rumour website? That's funny.
At most you'll get official statements on the issue when there is progress on it.
[ Read All Comments ]
A USB-based vulnerability that allows for the brute forcing of a passcode on an iOS device has been discovered by security researcher Matthew Hickey, reports ZDNet.
The method, which bypasses...
For this week's giveaway, we've teamed up with Fuse to offer MacRumors readers a chance to win a Side Winder, which is an accessory that's designed to let you quickly and easily wind up...
Alongside a major version 3.0 update that rolled out to its iOS app [Direct Link] earlier this week, Turner Classic Movies has also expanded support for its "Watch TCM" app to tvOS devices....
Nanoleaf's new 12-sided light-up remote joins its existing Nanoleaf Light Panels and Nanoleaf Rhythm, adding a whole slew of smartphone-free physical control options for your HomeKit setup in one...
Apple Maps vehicles equipped with LiDAR sensors have begun collecting street-level data in Japan for the first time this month.
Apple will be surveying the Tokyo and Urayasu areas between...
Microsoft has announced a new visual search feature for its Bing app that lets users snap a picture with their phone's camera and use it to search the web.
The new visual search function...
Some 60 billion messages are sent over the WhatsApp chat platform every day. One of the reasons for the service's massive popularity is that it lets users send and receive as many media-rich...
eBay today launched its latest sitewide coupon code, offering customers the chance to save $15 on orders that reach or exceed $75. The code isn't as enticing as eBay's previous...
