How Hackers and Scammers Break Into iCloud-Locked iPhones (vice.com) 73
Motherboard's Joseph Cox and Jason Koebler report of the underground industry where thieves, coders, and hackers work to remove a user's iCloud account from a phone so that they can then be resold. They reportedly are able to do this by phishing the phone's original owners, or scam employees at Apple Stores, which have the ability to override iCloud locks. The other method (that is very labor intensive and rare) involves removing the iPhone's CPU from the Logic Board and reprogramming it to create what is essentially a "new" device. It is generally done in Chinese refurbishing labs and involves stealing a "clean" phone identification number called an IMEI. Here's an excerpt from their report: Making matters more complicated is the fact that not all iCloud-locked phones are stolen devices -- some of them are phones that are returned to telecom companies as part of phone upgrade and insurance programs. The large number of legitimately obtained, iCloud-locked iPhones helps supply the independent phone repair industry with replacement parts that cannot be obtained directly from Apple. But naturally, repair companies know that a phone is worth more unlocked than it is locked, and so some of them have waded into the hacking underground to become customers of illegal iCloud unlocking companies.
In practice, "iCloud unlock" as it's often called, is a scheme that involves a complex supply chain of different scams and cybercriminals. These include using fake receipts and invoices to trick Apple into believing they're the legitimate owner of the phone, using databases that look up information on iPhones, and social engineering at Apple Stores. There are even custom phishing kits for sale online designed to steal iCloud passwords from a phone's original owner. [...] There are many listings on eBay, Craigslist, and wholesale sites for phones billed as "iCloud-locked," or "for parts" or something similar. While some of these phones are almost certainly stolen, many of them are not. According to three professionals in the independent repair and iPhone refurbishing businesses, used iPhones -- including some iCloud-locked devices -- are sold in bulk at private "carrier auctions" where companies like T-Mobile, Verizon, Sprint, AT&T, and cell phone insurance providers sell their excess inventory (often through third-party processing companies.)
In practice, "iCloud unlock" as it's often called, is a scheme that involves a complex supply chain of different scams and cybercriminals. These include using fake receipts and invoices to trick Apple into believing they're the legitimate owner of the phone, using databases that look up information on iPhones, and social engineering at Apple Stores. There are even custom phishing kits for sale online designed to steal iCloud passwords from a phone's original owner. [...] There are many listings on eBay, Craigslist, and wholesale sites for phones billed as "iCloud-locked," or "for parts" or something similar. While some of these phones are almost certainly stolen, many of them are not. According to three professionals in the independent repair and iPhone refurbishing businesses, used iPhones -- including some iCloud-locked devices -- are sold in bulk at private "carrier auctions" where companies like T-Mobile, Verizon, Sprint, AT&T, and cell phone insurance providers sell their excess inventory (often through third-party processing companies.)
Stolen iPhone (Score:5, Interesting)
Very interesting timing on this story. Friday my son's iPhone 7 was stolen at school around 11 AM. Before he made it home at 3 PM his iPhone had been taken over - he had emails between 2:42 and 2:45 showing where someone had changed his gmail password, logged into his gmail account on a different phone, changed the password on his Apple account (which used the gmail account for the Apple ID), and disabled Find My Phone on his stolen phone (and the email from Apple helpfully indicated that now the device could be reset and logged into without the Apple ID credentials). The IP address that was done from was at his high school (the phone did not have cellular service - he used it with WiFi only).
I'm still trying to wrap my head around the fact that someone at this relatively small school knew how to take over an iPhone locked with a 6 digit passcode. It appears that gmail was the weak link here. My guess is to what happened is that since the google apps were installed on the iPhone, when a "lost password" was triggered from a different phone, Google sent a reset code to the stolen phone. I haven't bothered to try and test this, but my hunch is that the reset code that Google sent to his phone was a notification accessible while the phone was locked.
The lesson I have learned here (in any case, since the first step that occurred was his Google account password was changed and logged into from a different phone) is NEVER use gmail addresses for your Apple ID. That was the attack vector, and if it is too easy for someone to change your gmail password, then it's too easy for them to take over your hardware devices as well.
Re: (Score:2, Insightful)
Re: (Score:1)
Re:Stolen iPhone (Score:4)
Re: (Score:2)
Always nice to have random strangers on the internet giving unsolicited parenting advice.
If Florida Man/Woman has taught me anything then it's that there are a lot of people out there that could use all the advice they can get.
Re: (Score:2)
A coworker of mine just let her young teenager get his first phone, but he had to buy it with his own money - so he got a $100 Android phon
Re: (Score:1, Troll)
Re:Stolen iPhone (Score:5, Informative)
My son worked as a dishwasher and saved up for it. He bought it for $100 from a friend that upgraded their phone. But thank you for your parenting advice. Actually yesterday I went to the local pawn shop and bought a ZTE phone for $10 that he's using for snapchat, etc, for now.
Re: Stolen iPhone (Score:1)
Re: Stolen iPhone (Score:1)
Wow, when I graduated HS, NOBODY had a cell phone, and they were worried about pagers which would be confiscated on site. (makes sense, because a teen with a pager was most likely a drug dealer)
This was in 1995.
Re: (Score:2)
Re: (Score:1)
Why does your kid need a $500 plus phone to bring to school?
A quick check of Swappa [swappa.com] reveals a used iPhone 7 is worth about $200. Adjusted for inflation (I'm 40), that would've been like me having a $120 gadget at school, when I was 16.
Doesn't sound too unreasonable to me. Sorry grandpa, you're just getting old like the rest of us.
Re: (Score:2)
Re: (Score:3)
If you have access to the Apple account, you can remote wipe the phone, which removes the pin. However you still have to log into the device with the Apple account ("Activation Lock"), which as I indicated had been taken over by the thief.
https://support.apple.com/kb/P... [apple.com]
Re:Stolen iPhone (Score:4, Informative)
Having at one point in my life having done customer service for World of Warcraft, I cannot recommend enough that everyone use Authenticator options wherever available for online accounts, especially high value ones such as Gmail. While in your case it was clearly someone based at the school, in general there is a enormous industry in the business of compromising accounts of all types.
Re: (Score:1)
Re: (Score:2)
Perhaps the simplest answer is most likely: someone watched him enter his passcode and/or GMail password BEFORE they stole the phone.
Or, as someone else suggested, the mean kid in school made him give it up.
Re: (Score:2)
My guess would be the 6 digit passcode was the weak link. It's pretty easy to watch someone entering it, especially in a crowded place like a school. Once they're in, if the phone has gmail loaded, they can access the gmail account without knowing the password.
Gmail normally prevents someone from chan
Re: (Score:2)
Re: (Score:2)
Why, given Google's record of killing its projects?
Re: (Score:2)
Re: (Score:2)
I'm still trying to wrap my head around the fact that someone at this relatively small school knew how to take over an iPhone locked with a 6 digit passcode. It appears that gmail was the weak link here. My guess is to what happened is that since the google apps were installed on the iPhone, when a "lost password" was triggered from a different phone, Google sent a reset code to the stolen phone. I haven't bothered to try and test this, but my hunch is that the reset code that Google sent to his phone was a notification accessible while the phone was locked.
Having owned several generations of iPhone I can see how:
On my older iPhone 6+, text message, alerts, and their contents are readily visible on the lock screen. On the newer iPhone X, the notifications are visible, but the contents of these notifications are not displayed until FaceID recognizes the owner. Odd, because TouchID could work in a similar manner. That could possibly be the way this happened. I don't use Google's apps on the iPhone and just use the built-in mail application - which do not not
tehre is a simpler explanation (Score:2)
Re: (Score:2)
Stupid game... (Score:2, Troll)
Erasing a phone should be as easy as erasing a computer -- storage module should be removable, and you should be able to reinstall the OS. Encrypt the thing, of course, to prevent data theft. It's terrible that usage of a device that you own (or possess, anyway) is at Apple, Google, or another company's whim...
Yeah, yeah, thieves. Know what? I'm not a coward. And frankly, if my phone is stolen, I'd still rather have it be useful to someone than end up polluting a landfill somewhere in Africa. Gaia fir
Re: (Score:3)
Personally I'd rather that my phone is less likely to be attractive to a thief and thus less likely to be stolen. Activation lock (and the like from other manufacturers) have caused phone thefts to drop. People still steal them but it's a less attractive target since they know all the work that has to go into unlocking them. That's good enough for me.
As for ending up in a landfill.. the article shows that that doesn't happen. They end up getting sold off for parts or for people who for some reason are w
Re: (Score:2)
Re: (Score:2)
Yes.. you definitely can, at least on an iPhone. They're two completely separate features. And you can set the phone to wipe after 10 failed passcode attempts.
I've been wracking my brains since I read your first post.. what does not being a coward have anything to do with whether or not a phone has an anti theft lock?
Re: (Score:1)
https://techcrunch.com/2015/02... [techcrunch.com]
Re: (Score:3)
There's a very minimal decrease in probability of being stolen
Absolutely false. There has been a huge drop in smartphone thefts worldwide thanks to this technology. Stop spreading FUD.
Re: (Score:2)
There's a very minimal decrease in probability of being stolen
Absolutely false. There has been a huge drop in smartphone thefts worldwide thanks to this technology. Stop spreading FUD.
Sources, or you're just trying to convince yourself that you're safe. RTFA, stolen or found iPhones can be unlocked, and are valuable otherwise.
Re: (Score:2)
Investigate with school IT staff assistance (Score:1)
At the school I worked in we logged all web access using a Squid Proxy Server. This would have allowed us to look up who on that day at that time had accessed both Googlemail and Apple iCloud.
Highly likely then to have the login name of the kid or staff member who did it. Unless their password was stolen too.
They may also be able to see what access point the phone was connected to. In fact, they m
Re: (Score:2)
Good luck with the bureaucracy.
Hope for locked phone (Score:2)
My brother-in-law has an old iPhone 5c which he can't get into - the iCloud account is clearly still set to one of his Email addresses (he owns hisname.com and even the obfuscated version with first and last letters are the right ones) but password reset emails never arrive. I've encouraged him for a year now to come with me to the nearest Apple store and get their help but could not promise they'd manage it, and he's never had the spare time between work and kids. But if they can definitely do it (once c