iPad mini Activation lock "hack" ... friend's iPad Mini

Discussion in 'iPad' started by D.T., Feb 18, 2017.

  1. D.T. macrumors 603

    D.T.

    Joined:
    Sep 15, 2011
    Location:
    Vilano Beach, FL
    #1
    So this is a strange problem a friend is having, walked her through several things, just wondering how this attack might have happened (from my own technical interest), but potentially any solutions.

    I've been a dev/architect/writer for a _long_ time, but this is a new one to me, though I'm not up on all the current exploits.

    It's an old high school friend of my wife's (she lives up north so not local to us), she works hard, so this is extra painful for her and her kids. She's pretty off the grid in terms of tech, and/or being involved on anything that would expose information, the iPad stays at home.

    So here's the scenario, point-by-point:

    She has a Mini, I think it's a 1 or 2, she said it's about 5 years old.

    She paid cash, bought it brand new from Target/Walmart, doesn't have the receipt any longer.

    She was watching Netflix, the device reset this morning - I mean, just right in the middle of a show she said, came back with an activation lock prompt.

    I was concerned about her email being hacked (it's a Yahoo account), I was able to generate an SMS code to her, I used that to reset to Yahoo email to a nice strong password.

    While I was at it, I reset her Netflix and iCloud/AppleID accounts as well.

    Her activation lock prompt matches her Yahoo account, i.e., the first letter is the same, then *** and the yahoo.com suffix.

    However, when she enters her email and [new] AppleID password it says invalid.

    She calls Apple (on the phone while I was resetting her accounts) and they say, her email is no longer associated with her iPad, determined from her providing the serial number from the back of the device.

    They also indicated the device has been flagged as stolen (something about an "F2" security lock?)

    My assumption with her bad password was that someone gained access to her Yahoo email, used that to reset her iCloud/AppleID password, and used that to access it, but how things wound up don't seem possible even with that level of account access.

    So it appears that someone was able to register this device (or at least the serial) to an iCloud account, without having physical access to the device[?]

    She was able to gather from Apple support that her apple ID is NOT the current associated AppleID (of course they won't disclose what it is), however the masked email in the Activation Lock screen does happen to still match her actual AppleID ... see below:

    Odd [unrelated?] coincidence: when she was trying to get access to her account, she tried firstletter + lastname@yahoo.com because the obfuscated email shown on the Activation Lock screen happen to match it (her real email uses the same first letter and they both share the @yahoo.com suffux) - that email ID is actually "locked for security", again, probably no correlation, and her name is pretty common, but given the strange set of events.

    Further info: I tried accessing this guessed at email account from above, and the phone number for the account reset was unknown to her - yet again, this could simply be coincidence.

    Feel so bad for her a new iPad purchase isn't easy for her as it is for some of us, I'll probably offer to track one down in the marketplace right here at MR, heck, she'd be happy with a functioning 5 year old device, let alone something new-ish.
     
  2. bensisko macrumors 65816

    Joined:
    Jul 24, 2002
    Location:
    The Village
    #2
    I would think when she set it up the serial number would have been registered with Apple. Sounds like something an in-person visit to the Apple Store should solve.
     
  3. bufffilm macrumors 601

    bufffilm

    Joined:
    May 3, 2011
    #3
    The Appleid tied to the Mini is now changed. It renders the SN to secondary importance, not that it matters in any way.

    Since she no longer has the receipt, it's over.
     
  4. bensisko macrumors 65816

    Joined:
    Jul 24, 2002
    Location:
    The Village
    #4
    Yeah, but I would think if she showed up in person, with identification, Apple would be able to do something. If nothing else, they should be able to identify her as the original owner. Not sure what they would do next (be it technical or customer service).
     
  5. Shirasaki macrumors 603

    Shirasaki

    Joined:
    May 16, 2015
    #5
    There was a method some hardware companies used to deactivate an activation locked device.

    It basically uses special hardware to refresh the serial number stored in flash memory so that iPhone or iPad will treat it as another device, rather than original one.

    The issue of this method is the guys resetting serial number have no idea which other device has the same serial number. I guess her device is a victim of such "unlock technique". When another one with the same first letter of a yahoo account sets up find iPhone, hers is locked because both devices have the same serial number. Then Apple only records the latest one, assuming the email has changed. Having both with the same first letter of email account is far more common than with similar address.

    NOTE: this is purely my speculation, although there is such technique available on YouTube. Didn't remember the channel name though.
     
  6. Marshall73 macrumors 6502a

    Marshall73

    Joined:
    Apr 20, 2015
    #6
    She should be able to find a record of the purchase through her bank if she paid by card, that and Apple can see which account it was registered to prior to the change. So it's very far from over, make an appointment at an Apple Store and sort it out there.
     
  7. bufffilm macrumors 601

    bufffilm

    Joined:
    May 3, 2011
    #7
    According to OP, it was a cash sale.

    Yes, maybe a visit to Apple Store can yield something, but I doubt it (going by past similar threads here).
     
  8. Marshall73 macrumors 6502a

    Marshall73

    Joined:
    Apr 20, 2015
    #8
    A colleague of mine had a similar issue, had no access to the Apple ID, wasn't sure what it was as it had been set years ago, he had no receipt but called Apple and after about an hour with them they removed the Apple ID and he was able to setup his iPad. They were able to match his payment info etc to the Apple account so I'm sure they would be able to do it with this user as they would be able to see the Apple ID history etc for the device and it would then be obvious that the account had been hacked or that the serial had been used on another device.

    I have yet to see a genuine user be left disappointed by locked devices due to lost or hacked Apple id's
     
  9. fischersd macrumors 68040

    fischersd

    Joined:
    Oct 23, 2014
    Location:
    Kitchener, Ontario, Canada
    #9
    Does she still have the original box? That, at least, adds some credibility to her being the original owner (or having purchased it from the original owner).
     
  10. D.T. thread starter macrumors 603

    D.T.

    Joined:
    Sep 15, 2011
    Location:
    Vilano Beach, FL
    #10
    Thanks for the thoughts and input. Yeah, her situation without any traceable payment makes it all that much more difficult. While she didn't yield any results from a call, I did tell her a trip to the Apple Store (there's one very close to her) is probably the next best option.

    @Shirasaki - I thought about that, does seem like a password collision out of the blue (assuming what she communicated was accurate), but I also realize that's a pretty fringe possibility.
     

Share This Page