iOS 7 Bug Allows Disabling of 'Find My iPhone' Without Password

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Feb 6, 2014.

  1. macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    A bug in the current version of iOS 7 appears to allow users to disable Find my iPhone on a device without typing in a password, which effectively hides it from being located on iCloud.com.

    Deactivating Find My iPhone takes just a few simple steps and it can be easily repeated on devices running the current version of iOS (7.0.4). The exploit involves making a few simple changes to the iCloud account section of the Settings app.

    Video via Bradley Williams

    MacRumors has been able to successfully replicate this bug on an iPhone and an iPad running iOS 7.0.4, but could not get it to work on a device running iOS 7.1, so the flaw will likely be fixed with the upcoming update.

    This is a potentially serious bug as Find My iPhone is a useful method of locating a lost device. While this exploit does disable Find My iPhone and allow for an iOS device to be erased, it does not remove Apple's Activation Lock theft deterrent system. After being erased, the device will remain locked to the original account and continue to ask for that Apple ID and password during the setup process to resume functionality.

    The bypass only works on a device that does not have Touch ID or a Passcode enabled, as the exploit requires access to the Settings menu. To avoid having Find My iPhone disabled, users should update their phones with a Passcode and install iOS 7.1 when Apple releases the software.

    MacRumors has contacted Apple for comment on the exploit and we will update if we receive new information.

    Article Link: iOS 7 Bug Allows Disabling of 'Find My iPhone' Without Password
     
  2. macrumors 68000

    Joined:
    Nov 4, 2008
    #2
    There is always some obscure security bug that affects iOS. I find it astonishing that Apple done know about them and equally that people find them.
     
  3. macrumors newbie

    Joined:
    Aug 14, 2013
    #3
    7.0.5?
     
  4. macrumors 65816

    djtech42

    Joined:
    Jun 23, 2012
    Location:
    West Chester, OH
    #4
    Hopefully it is fixed now. It's a serious issue because they have been emphasizing the fact that it can't be turned off without a password.
     
  5. macrumors 68020

    Blorzoga

    Joined:
    May 21, 2010
    #5
    Don't you folks at MacRumors realize that by posting a thread like this, you tip off thieves to a way of successfully thwarting Apple's find-my-iphone security. Maybe this should not be posted?!?!?!? Now you've given every thief who monitors this site a head start until Apple fixes. Well done MacRumors!!!!
     
  6. macrumors 68020

    AbSoluTc

    Joined:
    Sep 21, 2008
    #6
    Keyword - OBSCURE.

    Stuff happens. Apple will fix it quickly.
     
  7. macrumors regular

    Joined:
    Jul 15, 2009
    Location:
    Dublin, Ireland
    #7
    What a weird little bug.
     
  8. macrumors 6502

    Curun

    Joined:
    Sep 10, 2013
    #8
    Except phone would still be useless...

    Location can also be thwarted:
    by powering down.
    Removing SIM and not having near original owners wifi.
    Etc
     
  9. macrumors 6502

    Merode

    Joined:
    Nov 5, 2013
    Location:
    Warszawa, PL
    #9
    You first have to unlock phone so this whole hack is useless for thieves..
     
  10. macrumors 65816

    Joined:
    Apr 22, 2008
    #10
    It might be better to not post this rather than telling the internet exactly how to hack a stolen iPhone..
     
  11. macrumors 68000

    Cuban Missles

    Joined:
    Dec 6, 2012
    Location:
    My heart is in Camagüey, the rest in the USA
    #11
    This is there to remind people to set up a passcode to unlock the iPhone to begin with. remember, the can't exploit this if the can't get past the lock screen.
     
  12. macrumors 68000

    Joined:
    Sep 23, 2008
    #12
    I'd rather want to know about these issues to be aware of security risks, especially when there is an effective solution to this bug:
     
  13. macrumors 68040

    the8thark

    Joined:
    Apr 18, 2011
    #13
    You really think Apple will talk about product exploits to a random rumour website? That's funny.
    At most you'll get official statements on the issue when there is progress on it.
     
  14. macrumors 604

    bushido

    Joined:
    Mar 26, 2008
    Location:
    Planet Earth
    #14
    good thing everyone has passcode enabled. right, RIGHT???
     
  15. macrumors regular

    Joined:
    Nov 21, 2009
    #15
    This is why you use a pass code folks. This is also why Touch ID is awesome, since it addresses convenience, one of the main reasons people don't use pass codes.
     
  16. macrumors newbie

    Joined:
    Feb 6, 2014
    #16
    I watched the video without sound - was it necessary to be logged in to the iCloud web interface, or was that just a demonstration of the sound alert working?
     
  17. macrumors 65816

    Joined:
    Apr 24, 2010
    #17
    I don't keep a password on my iPhone but this could never happen to me. :)

    Settings, General, Restrictions, Accounts, DO NOT ALLOW CHANGES

    This means iCloud along with all my email accounts, etc. are "greyed out" in Settings and cannot be modified without enabling changes in Restrictions which requires my passcode.
     
  18. macrumors 603

    Joined:
    Mar 29, 2008
    Location:
    Seattle
    #18
    Can confirm this bug is already fixed in 7.1, at least in beta 5, and perhaps earlier.
     
  19. macrumors 68020

    Mlrollin91

    Joined:
    Nov 20, 2008
    Location:
    Ventura
    #19
    How does someone find something like this? Who would attempt this for no reason just to see what happens?

    I'm always amazed when these bugs are found, like the lock screen on and so on.
     
  20. velcrovan, Feb 6, 2014
    Last edited: Feb 6, 2014

    macrumors newbie

    Joined:
    Nov 10, 2011
    #20
    Wake up

    "Don't you folks at MacRumors realize that by posting a thread like this, you tip off thieves blah blah"​

    Teachable moment: the way to ensure that security flaws get fixed asap, as they should be, is to release information about them publicly.

    I know it seems counter-intuitive, but the fact is that trying to keeping exploits hush-hush until they can be fixed doesn't work. Those who could fix the problem take longer to get around to it, thieves always find out anyway, and the only people in the dark about the situation are legitimate device owners.

    Now all of us know about the problem and several ways it can be prevented or mitigated. To withhold that information would have been blind and stupid.
     
  21. macrumors 68000

    nepalisherpa

    Joined:
    Aug 15, 2011
    Location:
    USA
    #21
    7.0.5 is already out for 5S/5C.
     
  22. macrumors newbie

    Joined:
    Jun 23, 2003
    Location:
    Frisco, TX
    #22

    I was wondering if this could also be a possible fix.
     
  23. macrumors newbie

    webfarer

    Joined:
    Feb 4, 2014
    #23
    Good point. But the possibility that some random act can switch off Find My iPhone feature is upsetting me.
     
  24. macrumors 68020

    Rocko1

    Joined:
    Nov 3, 2011
    #24
    Only in limited markets....:rolleyes:
     
  25. macrumors 68000

    Joined:
    Nov 4, 2008
    #25
    Apple haven't really had a great record of fixing things quickly. Also I'm sure they could devise some software that could run through combinations of keystrokes etc to find things like this.
    They should do better!
     

Share This Page