Go Back   MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old May 21, 2014, 01:00 PM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Hacker Team Claims Compromise of Apple's iCloud and Activation Lock, Possibly via SSL Bug [Updated]




A pair of hackers from the Netherlands and Morocco, identifying themselves as AquaXetine and MerrukTechnolog, claim to have compromised the security of Apple's iCloud system for locking iOS devices.

The hack will unlock stolen iPhones by bypassing Activation Lock, making it possible for thieves to resell the phones easily on the black market, reports Dutch publication De Telegraaf [Google Translate]. It also may provide hackers with access to Apple ID passwords and other personal information stored in Apple's iCloud service.

The hackers reportedly worked on the vulnerability for five months, studying the transmission of data between iPhone handsets and Apple's iCloud services. The pair claim to be able to unlock a locked iPhone by placing a computer between the iPhone and Apple's servers. In this configuration, the iPhone mistakenly identifies the hacker's computer as one of Apple's servers and follows instructions provided by the nefarious computer to reverse activation lock on the handset.

While the hackers did not reveal precise information on how their intercepting computer can spoof Apple's iCloud activation servers, it appears that they may be taking advantage of an SSL bug that is present in iTunes for Windows, as noted by iPhone in Canada, who spoke to security researcher Mark Loman about the issue. The previously disclosed issue was fixed in iOS 7.0.6 and OS X 10.9.2, but it appears that iTunes for Windows is still affected.
Quote:
After looking into some claims of the jailbreak community, Mark Loman decided to do some investigating of his own and made a shocking discovery. SSL has two tasks: one, to verify communication with the intended server; and two, to prevent manipulation.

"The problem is with verifying the certificate. Apple appears to have deliberately left out this essential step required for proper secure communication. They fixed it last month for iOS but forgot to fix it for iTunes. But the jailbreak community is already making use of it -- which is how I figured it out."
The vulnerability reportedly allows hackers to intercept Apple ID credentials, which can then be used to unlock iOS devices that have been locked after having been lost or stolen.
Quote:
Actually, the data IS encrypted. But when an attacker strips SSL during a so-called man-in-the-middle attack the AppleID account name and password can be extracted as they are sent in plain text inside SSL, Mark Loman said in an email sent to iPhone in Canada.
Using this technique, the hackers claim to have unlocked 30,000 iPhones in the past few days. The group allegedly contacted Apple about this vulnerability in March, but Apple never responded, prompting the hackers to go public with the information.

Update 10:43 AM: One of the hackers has denied that the bypass involves an SSL bug.

Article Link: Hacker Team Claims Compromise of Apple's iCloud and Activation Lock, Possibly via SSL Bug [Updated]
MacRumors is offline   0 Reply With Quote
Old May 21, 2014, 01:03 PM   #2
crossifixio
macrumors regular
 
Join Date: Mar 2007
Location: London
Damn that would be bad!
__________________
iMac + MBA + iPhone + iPad + TV! In Apple's Ecosystem's
crossifixio is offline   0 Reply With Quote
Old May 21, 2014, 01:03 PM   #3
Sky Blue
Guest
 
Join Date: Jan 2005
"The group allegedly contacted Apple about this vulnerability in March, but Apple never responded, prompting the hackers to go public with the information."

lol, Apple
Sky Blue is offline   27 Reply With Quote
Old May 21, 2014, 01:05 PM   #4
stiligFox
macrumors 6502a
 
stiligFox's Avatar
 
Join Date: Apr 2009
Location: 10.0.1.3
I imagine this will be solved with a simple iOS update and a change of Apple's server.

That being said -- on a similar topic - Now that Activation Lock exists, it is astonishing to me the sheer amount of iCloud locked iPhones on eBay that are pretty much only good for parts/trash. On the one hand, yes it might keep phones in the owners possession, but on the other hand, it creates a lot of garbage that will end up in the landfill.

Possibly even more surprising to me is that people are paying almost full price for these locked phones
__________________
stiligFox is offline   3 Reply With Quote
Old May 21, 2014, 01:05 PM   #5
Yvan256
macrumors 601
 
Yvan256's Avatar
 
Join Date: Jul 2004
Location: Canada
Quote:
The group allegedly contacted Apple about this vulnerability in March, but Apple never responded, prompting the hackers to go public with the information.
In my opinion, that's the proper way to do it.
  1. Contact the manufacturer to inform them of the problem.
  2. Give them some time to fix it.
  3. If they haven't fixed it after a few months, go public to force them to react.
Yvan256 is offline   32 Reply With Quote
Old May 21, 2014, 01:05 PM   #6
keysofanxiety
macrumors 65816
 
keysofanxiety's Avatar
 
Join Date: Nov 2011
Location: In a house that defies physics by being colder than absolute zero.
Quote:
Originally Posted by stiligFox View Post
I imagine this will be solved with a simple iOS update and a change of Apple's server.

That being said -- on a similar topic - Now that Activation Lock exists, it is astonishing to me the sheer amount of iCloud locked iPhones on eBay that are pretty much only good for parts/trash. On the one hand, yes it might keep phones in the owners possession, but on the other hand, it creates a lot of garbage that will end up in the landfill.

Possibly even more surprising to me is that people are paying almost full price for these locked phones
Yep. Locked phone = stolen phone.
__________________
"And they all lived happily ever after ... except for Pocket, who died of Hepatitis B."
keysofanxiety is offline   7 Reply With Quote
Old May 21, 2014, 01:06 PM   #7
Crosscreek
macrumors 65816
 
Join Date: Nov 2013
Location: Margarittaville
The NSA knew this all along.

Last edited by Crosscreek; May 21, 2014 at 04:36 PM. Reason: you know
Crosscreek is offline   3 Reply With Quote
Old May 21, 2014, 01:08 PM   #8
stiligFox
macrumors 6502a
 
stiligFox's Avatar
 
Join Date: Apr 2009
Location: 10.0.1.3
Quote:
Originally Posted by keysofanxiety View Post
Yep. Locked phone = stolen phone.
Not 100% of the time -- I've seen phones where the original owner forgot to unlock the phone before selling it, but Apple doesn't provide a way to contact/email the original owner

But aye, they are mostly stolen.
__________________
stiligFox is offline   1 Reply With Quote
Old May 21, 2014, 01:08 PM   #9
Stella
macrumors 603
 
Stella's Avatar
 
Join Date: Apr 2003
Location: Canada
Quote:
Originally Posted by Yvan256 View Post
In my opinion, that's the proper way to do it.
  1. Contact the manufacturer to inform them of the problem.
  2. Give them some time to fix it.
  3. If they haven't fixed it after a few months, go public to force them to react.
They did, in March. Still not fixed.
__________________
Hardware / Software: The right tools for the job - be it Apple or otherwise.
Stella is offline   2 Reply With Quote
Old May 21, 2014, 01:08 PM   #10
fumi2014
macrumors newbie
 
Join Date: May 2014
These billion dollar companies really need to stay on top of all this. They're happy to take your money but not so quick to safeguard your details.

And now there's trouble at eBay.
fumi2014 is offline   8 Reply With Quote
Old May 21, 2014, 01:10 PM   #11
ehmjay
macrumors member
 
Join Date: Apr 2006
Annnnnnd cue the tech press over-reacting and blowing this way out of proportion.

Not that this isn't a serious flaw; it is. But because it's Apple it will be presented as the end of the world, and covered by every major news outlet where-as a similar bug in Android is barely mentioned by anyone at all.
ehmjay is offline   10 Reply With Quote
Old May 21, 2014, 01:13 PM   #12
CosmoFox
Banned
 
Join Date: Mar 2014
So they wasted 5 months of work so Apple can patch it in a week? I don't see the point
CosmoFox is offline   0 Reply With Quote
Old May 21, 2014, 01:14 PM   #13
2010mini
macrumors 6502a
 
Join Date: Jun 2013
They claimed they unlocked 30,000 iPhones??? I'm to believe that many iPhones' activation lock was bypassed and the internet community was not ablazed with that info???
2010mini is offline   5 Reply With Quote
Old May 21, 2014, 01:14 PM   #14
Shrink
macrumors Demi-God
 
Shrink's Avatar
 
Join Date: Feb 2011
Location: New England, USA
Quote:
Originally Posted by Crosscreek View Post
The NSA new this all along.
Source, please.
__________________
Two things are infinite, the universe and human stupidity; and I'm not sure about the universe. -- Albert Einstein
Shrink is offline   0 Reply With Quote
Old May 21, 2014, 01:15 PM   #15
556fmjoe
macrumors 6502a
 
Join Date: Apr 2014
Quote:
Originally Posted by CosmoFox View Post
So they wasted 5 months of work so Apple can patch it in a week? I don't see the point
Apple didn't patch it in a week. They haven't done a thing about it since March. The point is to get Apple to secure their products, and publicly releasing vulnerabilities is the only way to do that.
__________________
12" PowerBook G4 and 14" ThinkPad T60, both running OpenBSD -current
556fmjoe is offline   5 Reply With Quote
Old May 21, 2014, 01:16 PM   #16
WildCowboy
Administrator/Editor
 
WildCowboy's Avatar
 
Join Date: Jan 2005
Quote:
Originally Posted by Yvan256 View Post
In my opinion, that's the proper way to do it.
  1. Contact the manufacturer to inform them of the problem.
  2. Give them some time to fix it.
  3. If they haven't fixed it after a few months, go public to force them to react.
There is, however, a difference between simply going public with the info and exploiting the issue to unlock 30,000 locked phones as they claim to have done.
__________________
Editor in Chief, MacRumors
WildCowboy is offline   5 Reply With Quote
Old May 21, 2014, 01:16 PM   #17
McGrath1982
macrumors newbie
 
Join Date: May 2014
Location: Crewe UK
First eBay now Apple

2013 13" MBP iPad Air iPhone 5s
McGrath1982 is offline   0 Reply With Quote
Old May 21, 2014, 01:17 PM   #18
556fmjoe
macrumors 6502a
 
Join Date: Apr 2014
Quote:
Originally Posted by WildCowboy View Post
There is, however, a difference between simply going public with the info and exploiting the issue to unlock 30,000 locked phones as they claim to have done.
It puts more pressure on Apple to get a fix rolled out and prevents them from passing it off as a theoretical attack.
__________________
12" PowerBook G4 and 14" ThinkPad T60, both running OpenBSD -current
556fmjoe is offline   4 Reply With Quote
Old May 21, 2014, 01:19 PM   #19
Millah
macrumors 6502a
 
Join Date: Aug 2008
Quote:
Originally Posted by Stella View Post
They did, in March. Still not fixed.
So anyone can claim anything they want and people instantly believe them without a shadow of doubt? When did the public become so easily gullible?

I'm not saying its not true. I'm saying none of us know. Just because some hackers claim something doesn't make it true. And how exactly are they trustworthy to begin with? These are people hacking into places they shouldn't be, unlocking stolen phones, and you don't even have a sliver of doubt about their honesty?
Millah is offline   8 Reply With Quote
Old May 21, 2014, 01:20 PM   #20
556fmjoe
macrumors 6502a
 
Join Date: Apr 2014
Quote:
Originally Posted by Millah View Post
So anyone can claim anything they want and people instantly believe them without a shadow of doubt? When did the public become so easily gullible?

I'm not saying its not true. I'm saying none of us know. Just because some hackers claim something doesn't make it true. And how exactly are they trustworthy to begin with? These are people hacking into places they shouldn't be, and they're 100% trustworthy?
The fact that they're exploiting the vulnerability means they're pretty trustworthy when they say there is one.
__________________
12" PowerBook G4 and 14" ThinkPad T60, both running OpenBSD -current
556fmjoe is offline   4 Reply With Quote
Old May 21, 2014, 01:20 PM   #21
Stella
macrumors 603
 
Stella's Avatar
 
Join Date: Apr 2003
Location: Canada
Quote:
Originally Posted by Millah View Post
So anyone can claim anything they want and people instantly believe them without a shadow of doubt? When did the public become so easily gullible?

I'm not saying its not true. I'm saying none of us know. Just because some hackers claim something doesn't make it true. And how exactly are they trustworthy to begin with? These are people hacking into places they shouldn't be, and they're 100% trustworthy?
Chill.
Don't take it as a personal attack on yourself.
__________________
Hardware / Software: The right tools for the job - be it Apple or otherwise.
Stella is offline   6 Reply With Quote
Old May 21, 2014, 01:20 PM   #22
deadshift
macrumors newbie
 
Join Date: Jan 2011
Quote:
Originally Posted by CosmoFox View Post
So they wasted 5 months of work so Apple can patch it in a week? I don't see the point
clearly you don't understand security. If a lock is pickable, you get a better lock. This was a discovery that a lock was able to be bypassed. So Apple can and should build a better lock, even if it's only 5 minutes worth of work.

Yeah, it smells of SSL GoToFail and Man-in-the-middle. A bummer of a time SSL has had lately.
deadshift is offline   1 Reply With Quote
Old May 21, 2014, 01:23 PM   #23
Thunderhawks
macrumors 68020
 
Join Date: Feb 2009
Quote:
Originally Posted by 556fmjoe View Post
Apple didn't patch it in a week. They haven't done a thing about it since March. The point is to get Apple to secure their products, and publicly releasing vulnerabilities is the only way to do that.
How would you know that they haven't done a thing about it?

Obviously they will not broadcast anything when things like that happen.

And, fixes are not really pulled out off a drawer.

Analysis, testing etc. has to happen first. That takes time.

But..........................
__________________
It's ready, when it's ready !
"Any fool can criticize, condemn and complain and most fools do." Benjamin Franklin
Thunderhawks is offline   0 Reply With Quote
Old May 21, 2014, 01:25 PM   #24
dumastudetto
macrumors 65816
 
Join Date: Aug 2013
Anyone who claims Apple doesn't take security of its products and services seriously, and doesn't care passionately about protecting our personal information - put simply they don't know Apple. There is no company on earth who has a better track record in this arena than Apple.
dumastudetto is offline   3 Reply With Quote
Old May 21, 2014, 01:26 PM   #25
Michaelgtrusa
macrumors 603
 
Michaelgtrusa's Avatar
 
Join Date: Oct 2008
Location: Everywhere And Nowhere
More time than they can handle.
__________________
iMACAll life is an experiment. The more experiments you make the better.
TWITTER TUMBLR
Michaelgtrusa is offline   0 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
iCloud activation lock can be reversed.. apollo1444 iOS 7 6 May 29, 2014 10:28 AM
Resolved: iCloud Activation Lock hungx iPad 10 May 16, 2014 02:46 AM
Hacker Claims to Crack iPhone Lock Screen alvaroe16 iPhone 5 May 6, 2014 07:28 PM

Forum Jump

All times are GMT -5. The time now is 11:04 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC