As another posted said, Apple could use the MAC address as the second piece of information.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple's Activation Lock Website Played Key Role in Hack, Perhaps Explaining its Removal
- Thread starter MacRumors
- Start date
- Sort by reaction score
Said by me 10/23/16:
"They are going to have to devise a way to "marry" or "fingerprint" the IMEI AND serial number to each and every device going forward. That way, when a device attempts to be "activated", they can authorize not just the serial number, but the entire "package" - SN, IMEI and device. I would think this is a way to prevent this work around in the future."
https://forums.macrumors.com/thread...wrong-apple-ids.2004550/page-15#post-23767828
"They are going to have to devise a way to "marry" or "fingerprint" the IMEI AND serial number to each and every device going forward. That way, when a device attempts to be "activated", they can authorize not just the serial number, but the entire "package" - SN, IMEI and device. I would think this is a way to prevent this work around in the future."
https://forums.macrumors.com/thread...wrong-apple-ids.2004550/page-15#post-23767828
Last edited:
How does it limit the market? yo want sellers to sell stolen devices?
Nunyabinez, thank you. you obviously share the same heart as i. thank you.
[doublepost=1485846567][/doublepost]
yes. you sure did. great analysis of the problem even back in October.
so, extrapolating, for sure apple could have, with all its access to the process, known exactly what was happening.
and that it only took action now.
hmm...
Well it would make it a lot harder. Soldering the chip back in, putting the device back together just to find out that the serial number is locked, start all over... etc. even in a backstreet lab in China with cheap labor, this would not be efficient. Plus I guess you can only do this a limited time until the repeated heating of the chip will kill it.
[doublepost=1485850584][/doublepost]
I can easily see this being set up somewhere in a 'cheap' part of China where the people doing the work would be paid something like 500 USD per month - so this could be quite a money making operation. Plus the equipment is not that expensive, I just checked on Taobao (Chinese Ebay equivalent), and it was reasonably easy to find the chip-writing tool at a cost of around 450 USD, so together with the heatgun etc. I guess the total hardware investment would be below $1000.
Your avatar scares me and I hope you're getting help.
Not surprising, given the current climate at Cupertino HQ.
Whatever they do going forward they need to rethink this and protect their customers.
Whatever they do going forward they need to rethink this and protect their customers.
What are you smoking? OF COURSE this video exists for the sole purpose of criminal intent. There is no other legitimate purpose. I'm sure those that produced the video sell the equipment and/or software so that you can change the serial number of stolen devices.
[doublepost=1485860176][/doublepost]
Logging out is not a problem, but erasing and resetting the device is. Between the time I reset my 6s and sold it to a friend a few weeks later, someone stole the serial number and we had a huge hassle and had to wait a couple days for Apple to unlock it.
If you have a device that's been reset, I'd go and re-activate it until just before you need to sell it.
[doublepost=1485860501][/doublepost]
In order to get around this, the hackers will need to write a new random serial number to the hard disk and try to activate it. If that requires disassembling and reassembling the device, that's not practical. What they need to do is try and write their own version of the activation process so they can run it over and over. I'm sure Apple is already thinking of how they can thwart that.
[doublepost=1485860927][/doublepost]
I have to disagree - especially as someone who had their device's serial number stolen - this video is clearly designed for the purpose of stealing serial numbers. There's no other intent. Maybe someone legitimately obtain the device and maybe it wasn't even stolen, but following this process for stealing someone else's serial number is not innocent.
And why would Apple ever want to create extra serial numbers so people can hack devices? That's a crazy suggestion.
[doublepost=1485861370][/doublepost]
The theif isn't going to return the device, but a lot of these stolen phones are stolen because the thief already has a buyer (organized crime ring.) If iPhones were known to be unusable, the thief wouldn't have a market to sell them and would target other devices (though some iPhones would always get stolen anyway.)
[doublepost=1485861667][/doublepost]So... I have a question. I sold an iPhone 6s and while it was unlocked waiting to be delivered to the new buyer (a friend) the serial number was stolen and the device locked. AppleCare got the device unlocked and my friend was able to activate it and it's working fine.
But.... there's still a hacked phone out there somewhere in the world with a duplicate phone number. Is it still able to work? What happens if they reset it? I assume they won't be able to re-activate it (unless the real phone happens to also be unlocked at that moment?
Last edited:
There is only facts and lies. Nothing inbetween.
The term "alternative facts" only exists because people can't say outright if they think something is a fact or a lie.
It does not stop the problem, just simply makes the task that much harder for thieves. Using the video above as an example, you would have to change the SN, reassemble the device, then try activating the device. If the device is still activation locked, you would have to repeat the process all over. This could take a long time and hopefully deter thieves.
[doublepost=1485877013][/doublepost]
You expect Apple to use multi-factor authentication? Pshaw, only computer geeks know about that kind of stuff.
Apple already implements multi-factor authentication - You just need to enable it.
[doublepost=1485877128][/doublepost]
I believe it was meant as a joke but "alternative facts" are falsehoods aka lies. There is no 'fact' associated with alternative facts.
[doublepost=1485877263][/doublepost]
You do realize that company featured in the video offers service ranging from data recovery, memory swaps, and in this case, activation lock bypass. I'm pretty sure their customers are not thieves... and their customers are interested in what they do and how they do it if they are going to pay lots of money for their services,.
What Apple did is not enough. And Apple knows it.
No. Sorry. I am not going into much detail here, but I assure you that you can try to lock a lost/stolen iPhone, note that I used "try" here, because if the thief is smart, then you are out of luck. The lock won't work. And no. There is no serial# hack involved. Like the one in the video.
Note: There already is a serial number in the security enclave, but Apple isn't using it. Not yet that is.
No. Sorry. I am not going into much detail here, but I assure you that you can try to lock a lost/stolen iPhone, note that I used "try" here, because if the thief is smart, then you are out of luck. The lock won't work. And no. There is no serial# hack involved. Like the one in the video.
Note: There already is a serial number in the security enclave, but Apple isn't using it. Not yet that is.
If so, why don't apple block this warranty check page : https://checkcoverage.apple.com/
???
It also uses serial number! And thiefs can also use that page to check is the serial number is new.
???
It also uses serial number! And thiefs can also use that page to check is the serial number is new.
Last edited:
It doesn't tell you that (the device with) a given serial number is activation locked. That's the supposed issue - someone being able to check that a given (stolen) serial number won't be activation locked before they go through the somewhat involved process of writing it to the flash memory of a different device.
The whole locking process flies in the face of hundreds of years of established legal precedent of possession being tantamount to ownership unless the possession happened under suspicious circumstances. I'm all for holding down the incentive to someone stealing my phone, but I don't like upending centuries of legal precedent to get there.
The people who get hurt by this most often are NOT the thieves, but the uninformed purchasers who didn't know enough to check some obscure website before handing over their money.
The activation lock mechanism is well-intentioned, but really doesn't even come close to solving the problem. A problem that hasn't been solved since before humans built their first tools -- theft.
And, for everyone screaming "unethical" and "mean" at Rewa -- tell me why in the hell I shouldn't be able to edit the data on the hard drive in a device I bought and own? If that breaks someone else's device, that's a bug in the design and Apple's problem not mine.
I'm just aghast at how upside down ethics has come that the people that give us tools to tinker with our devices are the evil ones and the ones keep us from even reading the contents of our property are the good guys.
The people who get hurt by this most often are NOT the thieves, but the uninformed purchasers who didn't know enough to check some obscure website before handing over their money.
The activation lock mechanism is well-intentioned, but really doesn't even come close to solving the problem. A problem that hasn't been solved since before humans built their first tools -- theft.
And, for everyone screaming "unethical" and "mean" at Rewa -- tell me why in the hell I shouldn't be able to edit the data on the hard drive in a device I bought and own? If that breaks someone else's device, that's a bug in the design and Apple's problem not mine.
I'm just aghast at how upside down ethics has come that the people that give us tools to tinker with our devices are the evil ones and the ones keep us from even reading the contents of our property are the good guys.
No, as pointed out by others you can easily remove your iCloud lock and resell your phone. It's there to discourage thieving bastards from stealing and reselling your phone. Networks should also be sharing blacklisted IMEI numbers globally to prevent stolen phones from working on any network.
This is the same Silicon Valley ethos that thinks a "NASA control center" staffed by guys in plaid shirts can effectively police online content for the betterment of society. Orwell's Nineteen Eighty Four writ large.
many chinese email addresses look like "395440256@qq.com"
QQ is basically Chinese Google (since Google is blocked), and they all get assigned numerical email address - kinda creepy, like a "citizen number" or something. If you are locked to a QQ iCloud account and it's not yours, then your serial was hacked by Chinese reseller
[doublepost=1485894873][/doublepost]
Yes bro I am aware of that. Worked there for 6 years. But if you perform the steps in this video and change the serial number - no more activation lock. Or just switch out the logic board for a bad one, bro. Saw phones with serial number/IMEI mismatches alllll the time.
[doublepost=1485895029][/doublepost]
this is correct. but the resellers don't have proof of purchase cuz the phones are stolen
[doublepost=1485895260][/doublepost]
The serial number or IMEI HAS to be physically printed somewhere, either outside or inside the phone. They removed it from the back of the phone, but it is still somewhere inside. It may just be a QR coded sticker, but resellers can use a QR reader easily. If the logic board is fried and the serial number is not printed anywhere, how will a service tech/the manufacturer know what phone it is? As far as Apple iPhone support goes, no serial number, no service
[doublepost=1485895456][/doublepost]
It doesn't put an end to it, but it's just one less tool at their disposal. There are other grey-market websites that you can use to check activation lock status.
I'm willing to bet the ratio of actual users of this site to criminals is like 10:1. Apple is probably just saying "well no real users are utilizing this, just the resellers, so let's take it down." Most actual iPhone users don't even know what activation lock is or why it exists
[doublepost=1485895523][/doublepost]
actually if you try running too many different serial numbers on that page it will block you at and tell you to try again later. but most importantly, it doesn't tell you activation lock status
Last edited:
Yeah man it totally doesn't allow you to resell your devices when you're not going to use them anymore! I mean my last three iPhones are just sitting here wasting away because I couldn't totally just turn it off in settings and sell on Swappa for 70-80% of its original value.
Oh wait .... that's exactly what I did.
Agreed, the video does not EXPLICITLY state it is for criminal use, and thus why it remains posted. However, there is literally NO practical reason for doing this aside from needing to swap serials. Say your NAND flash fails on your iPhone, if it is in warranty it is replaced for free. Out of warranty, $329 max. The cost of the device, new flash drive, time it takes to repair and risk of further damage make it not worthwhile for a regular user
[doublepost=1485896008][/doublepost]
wait you actually understand how something works, and followed instructions?! unheard of in this venue
It's not crazy. Extra serials would mean one can write a serial to the device without impacting on other devices.
And apple do not have an aversion towards people writing serials to apple devices. That does not constitute hacking either. Apple themselves created an app called Blank Board Serializer precisely for this purpose.
Alas it is only available for mac and hasn't been ported over to other devices.
Maybe they should port it over. That would solve a lot of problems.
But to suggest apple don't want people to write serials to their devices is wrong. Otherwise why would they have created Blank Board Serializer?
Blank board serializer is to assign the serial number to a replacement logic board in your Mac. These tools exist for windows machines too. They are not for 'consumer' use but for repair technicians to reassign the product serial when replacing faulty parts like the logic board. They are not for 'changing' the device serial, they are to assign the existing one to replacement parts.