Hacker Team Claims Compromise of Apple's iCloud and Activation Lock, Possibly via SSL Bug [Updated]

by

icloud_iconA pair of hackers from the Netherlands and Morocco, identifying themselves as AquaXetine and MerrukTechnolog, claim to have compromised the security of Apple's iCloud system for locking iOS devices.

The hack will unlock stolen iPhones by bypassing Activation Lock, making it possible for thieves to resell the phones easily on the black market, reports Dutch publication De Telegraaf [Google Translate]. It also may provide hackers with access to Apple ID passwords and other personal information stored in Apple's iCloud service.

The hackers reportedly worked on the vulnerability for five months, studying the transmission of data between iPhone handsets and Apple's iCloud services. The pair claim to be able to unlock a locked iPhone by placing a computer between the iPhone and Apple's servers. In this configuration, the iPhone mistakenly identifies the hacker's computer as one of Apple's servers and follows instructions provided by the nefarious computer to reverse activation lock on the handset.

While the hackers did not reveal precise information on how their intercepting computer can spoof Apple's iCloud activation servers, it appears that they may be taking advantage of an SSL bug that is present in iTunes for Windows, as noted by iPhone in Canada, who spoke to security researcher Mark Loman about the issue. The previously disclosed issue was fixed in iOS 7.0.6 and OS X 10.9.2, but it appears that iTunes for Windows is still affected.

After looking into some claims of the jailbreak community, Mark Loman decided to do some investigating of his own and made a shocking discovery. SSL has two tasks: one, to verify communication with the intended server; and two, to prevent manipulation.

“The problem is with verifying the certificate. Apple appears to have deliberately left out this essential step required for proper secure communication. They fixed it last month for iOS but forgot to fix it for iTunes. But the jailbreak community is already making use of it — which is how I figured it out.”

The vulnerability reportedly allows hackers to intercept Apple ID credentials, which can then be used to unlock iOS devices that have been locked after having been lost or stolen.

Actually, the data IS encrypted. But when an attacker strips SSL during a so-called man-in-the-middle attack the AppleID account name and password can be extracted as they are sent in plain text inside SSL, Mark Loman said in an email sent to iPhone in Canada.

Using this technique, the hackers claim to have unlocked 30,000 iPhones in the past few days. The group allegedly contacted Apple about this vulnerability in March, but Apple never responded, prompting the hackers to go public with the information.

Update 10:43 AM: One of the hackers has denied that the bypass involves an SSL bug.

Tag: Activation Lock

Popular Stories

Apple Announces Special Event in New York Feature

Apple Announces Special Event in New York, London, and Shanghai on March 4

Monday February 16, 2026 6:05 am PST by
Apple today announced a "special Apple Experience" in New York, London, and Shanghai, taking place on March 4, 2026 at 9:00am ET. Apple invited select members of the media to the event in three major cities around the world. It is simply described as a "special Apple Experience," and there is no further information about what it may entail. The invitation features a 3D Apple logo design...
Read Full Article188 comments
Apple Announces Special Event in New York Feature 1

Apple Event on March 4: Here's What to Expect

Tuesday February 17, 2026 8:08 am PST by
Apple on Monday invited selected journalists and content creators to a "special Apple Experience" on Wednesday, March 4 in New York, London, and Shanghai. At an Apple Experience, attendees are typically given the opportunity to try out Apple's latest hardware or software. Following the launch of Apple Creator Studio last month, for example, some content creators attended an Apple Experience...
Read Full Article59 comments
CarPlay Liquid Glass Dark

iOS 26.4's New CarPlay Video Feature Shown in Action

Wednesday February 18, 2026 9:29 am PST by
Back at WWDC 2025, Apple revealed that it was planning to allow CarPlay users to watch video via AirPlay in their vehicles while they are not driving, and the first beta of iOS 26.4 suggests the feature may be nearing availability. There are several new references to CarPlay video streaming functionality within the iOS 26.4 beta's source code. The feature is not yet visible to users, but...
Read Full Article51 comments
Apple Announces Special Event in New York Feature 1

Rumor: Apple to Announce Multiple New Products in First Week of March

Tuesday February 17, 2026 6:35 pm PST by
Apple on Monday invited selected journalists and content creators to a "special Apple Experience" on Wednesday, March 4 in New York, London, and Shanghai. And now, rumors are surfacing about Apple's broader plans for that week. Daring Fireball's John Gruber today guessed that Apple will announce new products on a day-by-day basis from Monday, March 2 through Wednesday, March 4:What strikes...
Read Full Article116 comments
iphone 17 pro green

iPhone 17 Pro Max Curiously Becomes Most Traded-In Smartphone

Wednesday February 18, 2026 9:13 am PST by
New trade-in data indicates that Apple's iPhone 17 Pro Max has rapidly become the single most traded-in smartphone. According to a new report from SellCell, Apple's latest flagship iPhone has quickly risen to the top of the independent trade-in market, accounting for 11.5% of all devices appearing in the top-20 trade-in rankings just months after release. The analysis is based on SellCell...
Read Full Article175 comments

Top Rated Comments

Yvan256 Avatar
Yvan256
153 months ago
The group allegedly contacted Apple about this vulnerability in March, but Apple never responded, prompting the hackers to go public with the information.

In my opinion, that's the proper way to do it.

[LIST=1]
* Contact the manufacturer to inform them of the problem.
* Give them some time to fix it.
* If they haven't fixed it after a few months, go public to force them to react.
Score: 32 Votes (Like | Disagree)
Sky Blue Avatar
Sky Blue
153 months ago
"The group allegedly contacted Apple about this vulnerability in March, but Apple never responded, prompting the hackers to go public with the information."

lol, Apple
Score: 27 Votes (Like | Disagree)
E
ehmjay
153 months ago
Annnnnnd cue the tech press over-reacting and blowing this way out of proportion.

Not that this isn't a serious flaw; it is. But because it's Apple it will be presented as the end of the world, and covered by every major news outlet where-as a similar bug in Android is barely mentioned by anyone at all.
Score: 10 Votes (Like | Disagree)
dannyyankou Avatar
dannyyankou
153 months ago
The NSA new this all along.

*knew

Sorry, couldn't resist.
Score: 8 Votes (Like | Disagree)
M
Millah
153 months ago
They did, in March. Still not fixed.
So anyone can claim anything they want and people instantly believe them without a shadow of doubt? When did the public become so easily gullible?

I'm not saying its not true. I'm saying none of us know. Just because some hackers claim something doesn't make it true. And how exactly are they trustworthy to begin with? These are people hacking into places they shouldn't be, unlocking stolen phones, and you don't even have a sliver of doubt about their honesty?
Score: 8 Votes (Like | Disagree)
F
fumi2014
153 months ago
These billion dollar companies really need to stay on top of all this. They're happy to take your money but not so quick to safeguard your details.

And now there's trouble at eBay.
Score: 8 Votes (Like | Disagree)
Read All Comments