Go Back   MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old Feb 6, 2014, 01:16 PM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
iOS 7 Bug Allows Disabling of 'Find My iPhone' Without Password




A bug in the current version of iOS 7 appears to allow users to disable Find my iPhone on a device without typing in a password, which effectively hides it from being located on iCloud.com.

Deactivating Find My iPhone takes just a few simple steps and it can be easily repeated on devices running the current version of iOS (7.0.4). The exploit involves making a few simple changes to the iCloud account section of the Settings app.


MacRumors has been able to successfully replicate this bug on an iPhone and an iPad running iOS 7.0.4, but could not get it to work on a device running iOS 7.1, so the flaw will likely be fixed with the upcoming update.

This is a potentially serious bug as Find My iPhone is a useful method of locating a lost device. While this exploit does disable Find My iPhone and allow for an iOS device to be erased, it does not remove Apple's Activation Lock theft deterrent system. After being erased, the device will remain locked to the original account and continue to ask for that Apple ID and password during the setup process to resume functionality.

The bypass only works on a device that does not have Touch ID or a Passcode enabled, as the exploit requires access to the Settings menu. To avoid having Find My iPhone disabled, users should update their phones with a Passcode and install iOS 7.1 when Apple releases the software.

MacRumors has contacted Apple for comment on the exploit and we will update if we receive new information.

Article Link: iOS 7 Bug Allows Disabling of 'Find My iPhone' Without Password
MacRumors is offline   0 Reply With Quote
Old Feb 6, 2014, 01:17 PM   #2
H2SO4
macrumors 65816
 
Join Date: Nov 2008
There is always some obscure security bug that affects iOS. I find it astonishing that Apple done know about them and equally that people find them.
__________________
MP1,1. 30"ACD. 11GB
H2SO4 is offline   6 Reply With Quote
Old Feb 6, 2014, 01:17 PM   #3
clickerclacker
macrumors newbie
 
Join Date: Aug 2013
7.0.5?
clickerclacker is offline   0 Reply With Quote
Old Feb 6, 2014, 01:19 PM   #4
djtech42
macrumors 65816
 
djtech42's Avatar
 
Join Date: Jun 2012
Location: West Chester, OH
Hopefully it is fixed now. It's a serious issue because they have been emphasizing the fact that it can't be turned off without a password.
__________________
2012 15" rMBP, 16 GB RAM, OS X Mavericks ; 2009 24" iMac C2Duo, 8 GB RAM ; 32 GB Black Verizon iPhone 5 ; 32 GB White iPad rMini ; Apple TV (2nd Gen) ;
djtech42 is offline   3 Reply With Quote
Old Feb 6, 2014, 01:19 PM   #5
Blorzoga
macrumors 68020
 
Blorzoga's Avatar
 
Join Date: May 2010
Don't you folks at MacRumors realize that by posting a thread like this, you tip off thieves to a way of successfully thwarting Apple's find-my-iphone security. Maybe this should not be posted?!?!?!? Now you've given every thief who monitors this site a head start until Apple fixes. Well done MacRumors!!!!
Blorzoga is offline   30 Reply With Quote
Old Feb 6, 2014, 01:20 PM   #6
AbSoluTc
macrumors 68020
 
AbSoluTc's Avatar
 
Join Date: Sep 2008
Quote:
Originally Posted by H2SO4 View Post
There is always some obscure security bug that affects iOS. I find it astonishing that Apple done know about them and equally that people find them.
Keyword - OBSCURE.

Stuff happens. Apple will fix it quickly.
__________________
Twitter - Flickr
AbSoluTc is offline   7 Reply With Quote
Old Feb 6, 2014, 01:20 PM   #7
johnalan
macrumors regular
 
Join Date: Jul 2009
Location: Dublin, Ireland
What a weird little bug.
johnalan is offline   1 Reply With Quote
Old Feb 6, 2014, 01:21 PM   #8
Curun
macrumors 6502
 
Join Date: Sep 2013
Quote:
Originally Posted by Blorzoga View Post
Don't you folks at MacRumors realize that by posting a thread like this, you tip off thieves to a way of successfully thwarting Apple's find-my-iphone security. Maybe this should not be posted?!?!?!?
Except phone would still be useless...

Location can also be thwarted:
by powering down.
Removing SIM and not having near original owners wifi.
Etc
Curun is offline   3 Reply With Quote
Old Feb 6, 2014, 01:21 PM   #9
Merode
macrumors 6502
 
Join Date: Nov 2013
Location: Warszawa, PL
You first have to unlock phone so this whole hack is useless for thieves..
Merode is offline   21 Reply With Quote
Old Feb 6, 2014, 01:22 PM   #10
Jsameds
macrumors 6502a
 
Join Date: Apr 2008
It might be better to not post this rather than telling the internet exactly how to hack a stolen iPhone..
Jsameds is offline   5 Reply With Quote
Old Feb 6, 2014, 01:23 PM   #11
Cuban Missles
macrumors 6502a
 
Cuban Missles's Avatar
 
Join Date: Dec 2012
Location: East Coast, USA
This is there to remind people to set up a passcode to unlock the iPhone to begin with. remember, the can't exploit this if the can't get past the lock screen.
__________________
I have a collection of Apple stickers from all my Apple product purchases - they are white (the stickers not the products)
Cuban Missles is offline   12 Reply With Quote
Old Feb 6, 2014, 01:23 PM   #12
KALLT
macrumors 6502a
 
Join Date: Sep 2008
Quote:
Originally Posted by Blorzoga View Post
Don't you folks at MacRumors realize that by posting a thread like this, you tip off thieves to a way of successfully thwarting Apple's find-my-iphone security. Maybe this should not be posted?!?!?!?
I'd rather want to know about these issues to be aware of security risks, especially when there is an effective solution to this bug:
Quote:
The bypass only works on a device that does not have Touch ID or a Passcode enabled, as the exploit requires access to the Settings menu.
KALLT is offline   19 Reply With Quote
Old Feb 6, 2014, 01:24 PM   #13
the8thark
macrumors 68040
 
the8thark's Avatar
 
Join Date: Apr 2011
Quote:
Originally Posted by MacRumors View Post
MacRumors has contacted Apple for comment on the exploit and we will update if we receive new information.
You really think Apple will talk about product exploits to a random rumour website? That's funny.
At most you'll get official statements on the issue when there is progress on it.
__________________
Congress shall make no law . . . prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press.
the8thark is offline   6 Reply With Quote
Old Feb 6, 2014, 01:24 PM   #14
bushido
macrumors 603
 
bushido's Avatar
 
Join Date: Mar 2008
Location: Espaņa y Germany
good thing everyone has passcode enabled. right, RIGHT???
bushido is offline   16 Reply With Quote
Old Feb 6, 2014, 01:26 PM   #15
dustinsc
macrumors regular
 
Join Date: Nov 2009
This is why you use a pass code folks. This is also why Touch ID is awesome, since it addresses convenience, one of the main reasons people don't use pass codes.
dustinsc is offline   11 Reply With Quote
Old Feb 6, 2014, 01:28 PM   #16
michaelward82
macrumors newbie
 
Join Date: Feb 2014
I watched the video without sound - was it necessary to be logged in to the iCloud web interface, or was that just a demonstration of the sound alert working?
michaelward82 is offline   0 Reply With Quote
Old Feb 6, 2014, 01:29 PM   #17
gatearray
macrumors 65816
 
Join Date: Apr 2010
I don't keep a password on my iPhone but this could never happen to me.

Settings, General, Restrictions, Accounts, DO NOT ALLOW CHANGES

This means iCloud along with all my email accounts, etc. are "greyed out" in Settings and cannot be modified without enabling changes in Restrictions which requires my passcode.
gatearray is offline   8 Reply With Quote
Old Feb 6, 2014, 01:29 PM   #18
WilliamG
macrumors 603
 
Join Date: Mar 2008
Location: Seattle
Can confirm this bug is already fixed in 7.1, at least in beta 5, and perhaps earlier.
__________________
iMac, MacBook Air, Mac mini, iPad, iPhone, 55-11
www.bighugenerd.com
WilliamG is offline   4 Reply With Quote
Old Feb 6, 2014, 01:29 PM   #19
Mlrollin91
macrumors 68000
 
Join Date: Nov 2008
Location: Ventura
How does someone find something like this? Who would attempt this for no reason just to see what happens?

I'm always amazed when these bugs are found, like the lock screen on and so on.
Mlrollin91 is offline   3 Reply With Quote
Old Feb 6, 2014, 01:30 PM   #20
velcrovan
macrumors newbie
 
Join Date: Nov 2011
Wake up

"Don't you folks at MacRumors realize that by posting a thread like this, you tip off thieves blah blah"
Teachable moment: the way to ensure that security flaws get fixed asap, as they should be, is to release information about them publicly.

I know it seems counter-intuitive, but the fact is that trying to keeping exploits hush-hush until they can be fixed doesn't work. Those who could fix the problem take longer to get around to it, thieves always find out anyway, and the only people in the dark about the situation are legitimate device owners.

Now all of us know about the problem and several ways it can be prevented or mitigated. To withhold that information would have been blind and stupid.

Last edited by velcrovan; Feb 6, 2014 at 01:32 PM. Reason: added 3rd paragraph
velcrovan is offline   9 Reply With Quote
Old Feb 6, 2014, 01:33 PM   #21
nepalisherpa
macrumors 68000
 
Join Date: Aug 2011
Location: USA
Quote:
Originally Posted by clickerclacker View Post
7.0.5?
7.0.5 is already out for 5S/5C.
__________________
Macbook Air 11" 2013/i7/8GB RAM/250GB SSD
iPhone 6+ 64GB Space Gray
nepalisherpa is offline   2 Reply With Quote
Old Feb 6, 2014, 01:35 PM   #22
dallastigers
macrumors newbie
 
Join Date: Jun 2003
Location: Frisco, TX
Quote:
Originally Posted by gatearray View Post
I don't keep a password on my iPhone but this could never happen to me.

Settings, General, Restrictions, Accounts, DO NOT ALLOW CHANGES

This means iCloud along with all my email accounts, etc. are "greyed out" in Settings and cannot be modified without enabling changes in Restrictions which requires my passcode.

I was wondering if this could also be a possible fix.
dallastigers is offline   2 Reply With Quote
Old Feb 6, 2014, 01:36 PM   #23
webfarer
macrumors newbie
 
Join Date: Feb 2014
Quote:
Originally Posted by Merode View Post
You first have to unlock phone so this whole hack is useless for thieves..
Good point. But the possibility that some random act can switch off Find My iPhone feature is upsetting me.
webfarer is offline   4 Reply With Quote
Old Feb 6, 2014, 01:38 PM   #24
Rocko1
Banned
 
Join Date: Nov 2011
Quote:
Originally Posted by nepalisherpa View Post
7.0.5 is already out for 5S/5C.
Only in limited markets....
Rocko1 is offline   3 Reply With Quote
Old Feb 6, 2014, 01:40 PM   #25
H2SO4
macrumors 65816
 
Join Date: Nov 2008
Quote:
Originally Posted by AbSoluTc View Post
Keyword - OBSCURE.

Stuff happens. Apple will fix it quickly.
Apple haven't really had a great record of fixing things quickly. Also I'm sure they could devise some software that could run through combinations of keystrokes etc to find things like this.
They should do better!
__________________
MP1,1. 30"ACD. 11GB
H2SO4 is offline   1 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Disabling AT&T throttling iOS 7 iPhone 5 Wayoff333 iPhone Tips, Help and Troubleshooting 34 May 8, 2014 12:11 AM
iOS 7 bug allows anyone to disable Find My iPhone and bypass Activation Lock without E2EK1EL iOS 7 3 Apr 3, 2014 04:52 AM
Find My iPhone can be defeated by disabling location services? hansonjohn590 iOS 7 14 Jan 20, 2014 02:31 PM
Disabling iCloud without itunes password jackie91 iPhone 5 Jan 14, 2014 01:41 PM

Forum Jump

All times are GMT -5. The time now is 08:38 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC