Apple iCloud Activation Lock

Following the public disclosure of a security flaw in the iCloud Activation Lock web page that allowed phone thieves to reactivate devices to other Apple user accounts, the company has decided to shut down the page for the time being.

For years, the iCloud Activation Lock web page has allowed users looking to buy a new Apple device to check and see if the device has been locked by its previous owner, a clear sign that the device has been stolen.

Users only had to enter the device's IMEI code or serial number and get a result within seconds.

YouTube video detailed the bug last July

A video published last July by REWA Technology detailed a method that allowed a device owner to activate a previously locked device to another user's account just by altering one or more characters in the device's IMEI or serial number.

Crooks have abused this bug to reactivate stolen devices that had been previously locked by their legitimate owners.

For thieves, it didn't matter if the device was reallocated to another user's account since it was more important to show the device as active.

The bug didn't work for all Apple devices, but only for iPhone 6s, iPhone 6s Plus, iPhone 7 and iPhone 7 Plus.

While Apple didn't confirm this was the reason for the page's takedown, the iCloud Activation Lock web portal went down hours after Apple news blog MacRumors published a story detailing the bug, along with REWA's video. The bug is detailed after 05:20.


Related Articles:

Apple 2018: iPhone X Best Selling Smartphone, Stock Hits New High & New Gear on the Way

QR Code Bug in Apple iOS 11 Can Lead Users to Malicious Sites

Upcoming iOS 12 Will Share Emergency Location With 911 Services

macOS Breaks Your OpSec by Caching Data From Encrypted Hard Drives

Mac Security Tool Bugs Allow Malware to Appear as Apple Software