• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • Bug in iOS 7 Lets You Disable Find My iPhone/Delete iCloud Account Without a Password


    A new security flaw in iOS 7.0.4 has been discovered that allows someone with potentially malicious intent to delete the iCloud account registered to an iOS device and disable Apple's Find My iPhone theft-deterrent feature without having to enter the password to that user's Apple ID.

    Normally, when you try to disable Find My iPhone, or delete an iCloud account from an iOS device, Apple's iOS 7 operating system should prompt you to enter the password to the Apple ID of the account you're trying to modify. This feature was intended to help prevent device theft by keeping unwanted users from stealing and using your iOS device(s).

    Unfortunately, this new bug that has been discovered allows the potentially malicious user to work a little goofy finger magic, and suddenly Apple's iOS 7 won't ask you for that password to that Apple ID anymore. You can check out the thorough video demonstration of this happening below:



    For a mobile-friendly video link that works with our app, tap on the video link below:

    YouTube Video

    This comes off as a major security issue, because this means that anyone that gets ahold of your device and has access to the Settings application could literally make your iOS device their own in a matter of seconds.

    MacRumors reports that they were able to confirm that the bug exists and can be exploited on multiple variations of iOS 7.0.4 devices, including iPhones and iPads, and also verified that the bug doesn't appear to be existent in Apple's upcoming iOS 7.1 firmware, which is currently in beta 5 as of Tuesday.

    If you're worried about being targeted by this bug, the best protection is to set a passcode or use Touch ID so that no one but you can get into your iOS device and launch the Settings application. Those that are jailbroken on iOS 7.0.4 will probably be willing to deal with the bug to keep their jailbreaks, so a passcode is probably the best idea.

    Sources: Bradley Williams via MacRumors
    This article was originally published in forum thread: Bug in iOS 7 Lets You Disable Find My iPhone/Delete iCloud Account Without a Password started by Anthony Bouchard View original post
    Comments 23 Comments
    1. edwilk55's Avatar
      edwilk55 -
      Glad I password protect settings.
    1. slim.jim's Avatar
      slim.jim -
      Having a passcode to unlock the phone will prevent this nicely. However this is a big security flaw.
    1. eballesq's Avatar
      eballesq -
      Quote Originally Posted by edwilk55 View Post
      Glad I password protect settings.
      Me too. BioLockDown, baby!
    1. tankz504's Avatar
      tankz504 -
      Quote Originally Posted by eballesq View Post
      Me too. BioLockDown, baby!
      Ummm power the phone off and hold volume up when it's powering on..... No more tweaks.
    1. iYeow's Avatar
      iYeow -
      What about 7.0.5, is it patched ?
    1. csglinux's Avatar
      csglinux -
      Quote Originally Posted by tankz504 View Post
      Ummm power the phone off and hold volume up when it's powering on..... No more tweaks.
      If the phone were powered off, the thief would need the passcode to unlock the device before being able to access the settings menu.
    1. 3xpl05iv3's Avatar
      3xpl05iv3 -
      Quote Originally Posted by edwilk55 View Post
      Glad I password protect settings.
      Makes no odds if they reboot with mobile substrate blocked ( volume up )
      All the security provided by the locking apps use it so no security!
    1. politicalslug's Avatar
      politicalslug -
      I have my passcode set to erase the phone after 10 wrong attempts. Sure, they can wipe it, but they can't get my info, either with or without cydia substrate. I suggest you all do they same.
    1. Digitalfeind's Avatar
      Digitalfeind -
      Quote Originally Posted by edwilk55 View Post
      Glad I password protect settings.
      Applocker is amazing

      Quote Originally Posted by 3xpl05iv3 View Post
      Makes no odds if they reboot with mobile substrate blocked ( volume up )
      All the security provided by the locking apps use it so no security!
      I use iCaughtu pro so it doesn't let you power down when the device is locked. I know it doesn't fully keep one out but it adds another level of security when trying to power down and volume up. Sure you can run the battery down and such but if it makes it more difficult for the thief I am glad.
    1. dsg's Avatar
      dsg -
      don't give your iDevice to anybody and if you leave it laying around where somebody can get hold of it, I don't think they would try to do this; they'd just leave with your iDevice

      so to sum up, not much of a security flaw if you care about your iDevice
    1. morbidpete's Avatar
      morbidpete -
      Quote Originally Posted by edwilk55 View Post
      Glad I password protect settings.
      Have biolock protecting my settings app, along with cydia. iCaughtU Pro and people are more then welcome to try to steal my phone. Only option is DFU mode, but it will still be locked cause they cant remove icloud lol

      But even with all that, we are still vulnerable if they respring to safemode :-(
    1. Carvensno's Avatar
      Carvensno -
      Average thief isn't going to care. The only thing their going to care about? Is where to pawn or sell off the phone fast to make a quick $$$.
    1. morbidpete's Avatar
      morbidpete -
      Quote Originally Posted by Carvensno View Post
      Average thief isn't going to care. The only thing their going to care about? Is where to pawn or sell off the phone fast to make a quick $$$.
      there going to care when I have a pic of there face trying to unlock my phone
    1. Carvensno's Avatar
      Carvensno -
      Quote Originally Posted by morbidpete View Post
      there going to care when I have a pic of there face trying to unlock my phone
      Well that's good and more proof for the cops LOL. My comment was just saying in general though.
    1. bubbanc's Avatar
      bubbanc -
      Quote Originally Posted by politicalslug View Post
      I have my passcode set to erase the phone after 10 wrong attempts. Sure, they can wipe it, but they can't get my info, either with or without cydia substrate. I suggest you all do they same.
      You do realize that that wiping a jailbroken phone DOES NOT WORK? If you don't believe me, try it. It will appear to be wiping but sit there and spin forever. When you reboot, everything is there. This has been a problem since iOS 6 and the JB devs haven't bothered to fix it.
    1. TheiPhone911's Avatar
      TheiPhone911 -
      This doesn't actually disable FIND MY IPHONE. I tested this on my phone and even though it's "removed" and not in the phone anymore, after a restore, it asks for the original iCloud account information. So deleting it is pointless.
    1. sknet's Avatar
      sknet -
      i am fully protected even with condoms......
    1. DJonas's Avatar
      DJonas -
      Yea the restriction options protects you from this hack
      Go to Settings > General > Restrictions
      Turn them on.
      Then scroll down to Allow Changes > [Accounts] , and set it to "Don't Allow Changes"
      Problem solved.
      EDIT 2: It might also be a good idea to turn on restrictions of location services as well


      EDIT 3: I wonder though if this is an actual bug or if this guy just used an alias of the same account to accomplish this. Did modmyi confirm this was indeed a bug before it was posted ?
    1. Feanor64's Avatar
      Feanor64 -
      Ok I'm suing apple.
    1. starkall's Avatar
      starkall -
      Can't a thief just DFU the device and restore anyways?