A bug in the current version of iOS 7 appears to allow users to disable Find my iPhone on a device without typing in a password, which effectively hides it from being located on iCloud.com.
Deactivating Find My iPhone takes just a few simple steps and it can be easily repeated on devices running the current version of iOS (7.0.4). The exploit involves making a few simple changes to the iCloud account section of the Settings app.
MacRumors has been able to successfully replicate this bug on an iPhone and an iPad running iOS 7.0.4, but could not get it to work on a device running iOS 7.1, so the flaw will likely be fixed with the upcoming update.
This is a potentially serious bug as Find My iPhone is a useful method of locating a lost device. While this exploit does disable Find My iPhone and allow for an iOS device to be erased, it does not remove Apple's Activation Lock theft deterrent system. After being erased, the device will remain locked to the original account and continue to ask for that Apple ID and password during the setup process to resume functionality.
The bypass only works on a device that does not have Touch ID or a Passcode enabled, as the exploit requires access to the Settings menu. To avoid having Find My iPhone disabled, users should update their phones with a Passcode and install iOS 7.1 when Apple releases the software.
MacRumors has contacted Apple for comment on the exploit and we will update if we receive new information.
Top Rated Comments
(View all)Don't you folks at MacRumors realize that by posting a thread like this, you tip off thieves to a way of successfully thwarting Apple's find-my-iphone security. Maybe this should not be posted?!?!?!?
I'd rather want to know about these issues to be aware of security risks, especially when there is an effective solution to this bug:The bypass only works on a device that does not have Touch ID or a Passcode enabled, as the exploit requires access to the Settings menu.