Apple iCloud Activation Lock

Following the public disclosure of a security flaw in the iCloud Activation Lock web page that allowed phone thieves to reactivate devices to other Apple user accounts, the company has decided to shut down the page for the time being.

For years, the iCloud Activation Lock web page has allowed users looking to buy a new Apple device to check and see if the device has been locked by its previous owner, a clear sign that the device has been stolen.

Users only had to enter the device's IMEI code or serial number and get a result within seconds.

YouTube video detailed the bug last July

A video published last July by REWA Technology detailed a method that allowed a device owner to activate a previously locked device to another user's account just by altering one or more characters in the device's IMEI or serial number.

Crooks have abused this bug to reactivate stolen devices that had been previously locked by their legitimate owners.

For thieves, it didn't matter if the device was reallocated to another user's account since it was more important to show the device as active.

The bug didn't work for all Apple devices, but only for iPhone 6s, iPhone 6s Plus, iPhone 7 and iPhone 7 Plus.

While Apple didn't confirm this was the reason for the page's takedown, the iCloud Activation Lock web portal went down hours after Apple news blog MacRumors published a story detailing the bug, along with REWA's video. The bug is detailed after 05:20.


Related Articles:

Apple Launches iPhone XR, iPhone XS, iPhone XS Max and Watch Series 4

macOS Mojave Privacy Bypass Flaw Allows Access to Protected Files

iOS 12 Patches Memory Bugs, Safari 12 Fixes Data Leaks

New CSS Attack Restarts an iPhone or Freezes a Mac

Chrome 69 for iOS Moved Navigation Bar to Bottom of Screen & Users are Unhappy