A couple of hackers claim to have successfully cracked into Apple’s iCloud Activation Lock infrastructure, allowing them to unlock iPhones and iPads that could otherwise only be unlocked with the owner’s Apple ID password. The hackers have created a tool called ‘doulCi’ that, they claim, can bypass iCloud Activation Lock – Apple’s highly-lauded security feature – without providing the original Apple ID credentials.
The hacker duo, who go by the names AquaXetine and MerrukTechnolog, claim that they’ve managed to compromise iCloud security, giving them access to unencrypted passwords and other sensitive information from the service. They say that they have managed to introduce a computer between the iPhone and Apple’s server. The computer in the middle spoofs its identity to fool the iPhone into believing that it is a genuine Apple server, and then it removes the iCloud Activation Lock.
The bypass uses a vulnerability found in iTunes for Windows related to the verification of security certificates. To get a disabled device back to a working state, all you have to do is plug the device into a computer and alter the hosts file to direct iTunes to an alternate server instead of iCloud.
Here’s how team doulCi describes the attack:
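Because the redirection described above depends on an edited hosts file, a defender can audit that file for entries that pin Apple or iCloud hostnames to addresses outside Apple's own network. The following is an added example, not code from the article or from doulCi; the watched domain suffixes and the sample entries are assumptions, since the article names no specific hostname.

```python
import ipaddress

# Assumption: suffixes to watch; the article does not name the redirected host.
WATCHED_SUFFIXES = ("apple.com", "icloud.com")
# Apple's public IPv4 allocation.
APPLE_NET = ipaddress.ip_network("17.0.0.0/8")


def audit_hosts(text):
    """Return (line_no, address, hostname) for every hosts entry that maps a
    watched hostname to an address outside Apple's network."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split fields
        if len(entry) < 2:
            continue
        try:
            addr = ipaddress.ip_address(entry[0])
        except ValueError:
            continue  # malformed address field, not a usable mapping
        for name in entry[1:]:
            host = name.lower().rstrip(".")
            watched = any(host == s or host.endswith("." + s)
                          for s in WATCHED_SUFFIXES)
            if watched and not (addr.version == 4 and addr in APPLE_NET):
                findings.append((line_no, str(addr), host))
    return findings


# Constructed sample; hostnames and addresses are illustrative only.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.25    service.example.apple.com   # redirected
17.1.2.3        pinned.example.icloud.com
198.51.100.7    notapple.com fakeicloud.com
10.0.0.5        LOGIN.EXAMPLE.ICLOUD.COM.
"""

if __name__ == "__main__":
    for line_no, addr, host in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {addr}")
```

On Windows the file to feed in is `%SystemRoot%\System32\drivers\etc\hosts`. Entries that deliberately block a hostname by pointing it at a loopback address are flagged too and need manual review.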
doulCi is the world’s first Alternative iCloud Server, and the world’s first iCloud Activation Bypass. doulCi will bypass and activate your iDevice for you when you are stuck at the Apple activation menu. So, why would you use it? For example, if you have forgotten your Apple ID and password or no longer have access to your old itunes-email account then it’s impossible to regain control of your Apple Product!! doulCi is the solution that will enable you to regain permanent access.
Mark Loman, a security researcher, says that the vulnerability found in iTunes (Windows variant) was either a beginner’s mistake or was left in intentionally to give intelligence agencies access to iCloud data.
It’s worth noting here that a similar vulnerability in OS X and iOS was recently fixed by Apple. The two hackers worked on doulCi to bypass iCloud Activation Servers for five months, and made Apple aware of it back in March. The two say that their motive was to warn iPhone and iPad users that iCloud is not very safe.
MuscleNerd, a well-known hacker and a member of team evad3rs, notes:
This is gaining traction with media https://t.co/0iUX690Hek but it only turns iPhones into iPods (no cell) and isn’t persist thru restores
— MuscleNerd (@MuscleNerd) May 21, 2014
It appears that a device locked by the iCloud Activation server stays SIM-locked even after using this hack. But according to one of the team members, a carrier fix is on the way.