Two hackers have created a tool that they claim can bypass Apple’s ‘Activation Lock.’ It’s called ‘doulCi,’ and it uses a man-in-the-middle attack to intercept users’ Apple ID credentials as well as unlock devices disabled by the highly lauded security feature.
The hack exploits a vulnerability in how iTunes for Windows verifies security certificates. And apparently, all you have to do to get it to work is plug the device into a computer and alter a file, directing it to an alternate server instead of iCloud…
According to security researcher Mark Loman, the bug in the Windows version of iTunes was either a beginner’s mistake, or was left in intentionally to allow intelligence agencies to access iCloud. Apple recently fixed a similar vulnerability in OS X and iOS.
Here’s how AquaXetine and MerrukTechnolog, aka Team doulCi (iCloud backwards), describe the attack:
doulCi is the world’s first Alternative iCloud Server, and the world’s first iCloud Activation Bypass. doulCi will bypass and activate your iDevice for you when you are stuck at the Apple activation menu. So, why would you use it? For example, if you have forgotten your Apple ID and password or no longer have access to your old iTunes email account then it’s impossible to regain control of your Apple Product!! doulCi is the solution that will enable you to regain permanent access.
We haven’t seen video proof of the attack in action, but the hackers have demonstrated its effectiveness by sharing screenshots of ‘calls to Apple’s iCloud activation service.’ A number of other users are also sharing screenshots, showing the hack worked for them.
Evad3rs team member and long-time hacker MuscleNerd notes:
This is gaining traction with media https://t.co/0iUX690Hek but it only turns iPhones into iPods (no cell) and doesn’t persist thru restores
— MuscleNerd (@MuscleNerd) May 21, 2014
It appears that even after a successful attack, where an iPhone disabled by Activation Lock is un-bricked, the device is still SIM-locked. But according to one of the team members, a carrier fix is on the way. The pair say more details are coming Thursday night.
@h0R1z0Ne @MerrukTechnolog hehe 🙂 carrier fix is coming too ::)
— AquaXetine (@AquaXetine) May 21, 2014
As malicious as the hack is, the two say their only goal was to alert iPhone and iPad users to how unsafe iCloud is. Apple has been made aware of the issue, but until it releases a proper fix, users are advised not to access iCloud services over public Wi-Fi networks.