Page 1 of 2 12 LastLast
Results 1 to 20 of 24

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.


Thread: Bug in iOS 7 Lets You Disable Find My iPhone/Delete iCloud Account Without a Password

  1. #1
    Default Bug in iOS 7 Lets You Disable Find My iPhone/Delete iCloud Account Without a Password


    A new security flaw in iOS 7.0.4 has been discovered that allows someone with potentially malicious intent to delete the iCloud account registered to an iOS device and disable Apple's Find My iPhone theft-deterrent feature without having to enter the password to that user's Apple ID.

    Normally, when you try to disable Find My iPhone, or delete an iCloud account from an iOS device, Apple's iOS 7 operating system should prompt you to enter the password to the Apple ID of the account you're trying to modify. This feature was intended to help prevent device theft by keeping unwanted users from stealing and using your iOS device(s).

    Unfortunately, this new bug that has been discovered allows the potentially malicious user to work a little goofy finger magic, and suddenly Apple's iOS 7 won't ask you for that password to that Apple ID anymore. You can check out the thorough video demonstration of this happening below:



    For a mobile-friendly video link that works with our app, tap on the video link below:

    YouTube Video

    This comes off as a major security issue, because this means that anyone that gets ahold of your device and has access to the Settings application could literally make your iOS device their own in a matter of seconds.

    MacRumors reports that they were able to confirm that the bug exists and can be exploited on multiple variations of iOS 7.0.4 devices, including iPhones and iPads, and also verified that the bug doesn't appear to be existent in Apple's upcoming iOS 7.1 firmware, which is currently in beta 5 as of Tuesday.

    If you're worried about being targeted by this bug, the best protection is to set a passcode or use Touch ID so that no one but you can get into your iOS device and launch the Settings application. Those that are jailbroken on iOS 7.0.4 will probably be willing to deal with the bug to keep their jailbreaks, so a passcode is probably the best idea.

    Sources: Bradley Williams via MacRumors

  2. #2
    My iPhone is a Part of Me
    Join Date
    Jul 2009
    Location
    Jaw'Ja
    Posts
    596
    Thanks
    6
    Thanked 88 Times in 67 Posts

    Glad I password protect settings.

  3. #3
    Livin the iPhone Life slim.jim's Avatar
    Join Date
    Apr 2009
    Location
    Maryland, US
    Posts
    1,014
    Thanks
    116
    Thanked 129 Times in 99 Posts

    Having a passcode to unlock the phone will prevent this nicely. However this is a big security flaw.

  4. The Following 2 Users Say Thank You to slim.jim For This Useful Post:

    sally84 (2014-02-09), twahl3583 (2014-02-07)

  5. #4
    Quote Originally Posted by edwilk55 View Post
    Glad I password protect settings.
    Me too. BioLockDown, baby!

  6. #5
    Quote Originally Posted by eballesq View Post
    Me too. BioLockDown, baby!
    Ummm power the phone off and hold volume up when it's powering on..... No more tweaks.

  7. #6
    Retired Moderator iYeow's Avatar
    Join Date
    Feb 2008
    Location
    Vancouver, Canada
    Posts
    13,996
    Thanks
    76
    Thanked 2,764 Times in 2,652 Posts

    What about 7.0.5, is it patched ?

  8. #7
    Quote Originally Posted by tankz504 View Post
    Ummm power the phone off and hold volume up when it's powering on..... No more tweaks.
    If the phone were powered off, the thief would need the passcode to unlock the device before being able to access the settings menu.

  9. #8
    Quote Originally Posted by edwilk55 View Post
    Glad I password protect settings.
    Makes no odds if they reboot with mobile substrate blocked ( volume up )
    All the security provided by the locking apps use it so no security!

  10. #9
    My iPhone is a Part of Me politicalslug's Avatar
    Join Date
    Sep 2007
    Location
    Woodland Hills, CA + Santa Cruz, CA
    Posts
    653
    Thanks
    13
    Thanked 128 Times in 87 Posts

    I have my passcode set to erase the phone after 10 wrong attempts. Sure, they can wipe it, but they can't get my info, either with or without cydia substrate. I suggest you all do they same.
    They can have my jailbreak when they pry it from my cold dead fingers.

  11. #10
    Quote Originally Posted by edwilk55 View Post
    Glad I password protect settings.
    Applocker is amazing

    Quote Originally Posted by 3xpl05iv3 View Post
    Makes no odds if they reboot with mobile substrate blocked ( volume up )
    All the security provided by the locking apps use it so no security!
    I use iCaughtu pro so it doesn't let you power down when the device is locked. I know it doesn't fully keep one out but it adds another level of security when trying to power down and volume up. Sure you can run the battery down and such but if it makes it more difficult for the thief I am glad.
    Last edited by Digitalfeind; 2014-02-07 at 12:39 AM.

  12. #11
    don't give your iDevice to anybody and if you leave it laying around where somebody can get hold of it, I don't think they would try to do this; they'd just leave with your iDevice

    so to sum up, not much of a security flaw if you care about your iDevice

  13. #12
    Green Apple morbidpete's Avatar
    Join Date
    Feb 2012
    Location
    Portsmouth, RI
    Posts
    43
    Thanks
    0
    Thanked 2 Times in 2 Posts

    Quote Originally Posted by edwilk55 View Post
    Glad I password protect settings.
    Have biolock protecting my settings app, along with cydia. iCaughtU Pro and people are more then welcome to try to steal my phone. Only option is DFU mode, but it will still be locked cause they cant remove icloud lol

    But even with all that, we are still vulnerable if they respring to safemode :-(

  14. #13
    Livin the iPhone Life Carvensno's Avatar
    Join Date
    Oct 2010
    Location
    Butte, MT
    Posts
    2,199
    Thanks
    2,734
    Thanked 1,820 Times in 798 Posts

    Average thief isn't going to care. The only thing their going to care about? Is where to pawn or sell off the phone fast to make a quick $$$.

  15. The Following User Says Thank You to Carvensno For This Useful Post:

    LittleGod (2014-02-08)

  16. #14
    Green Apple morbidpete's Avatar
    Join Date
    Feb 2012
    Location
    Portsmouth, RI
    Posts
    43
    Thanks
    0
    Thanked 2 Times in 2 Posts

    Quote Originally Posted by Carvensno View Post
    Average thief isn't going to care. The only thing their going to care about? Is where to pawn or sell off the phone fast to make a quick $$$.
    there going to care when I have a pic of there face trying to unlock my phone

  17. #15
    Livin the iPhone Life Carvensno's Avatar
    Join Date
    Oct 2010
    Location
    Butte, MT
    Posts
    2,199
    Thanks
    2,734
    Thanked 1,820 Times in 798 Posts

    Quote Originally Posted by morbidpete View Post
    there going to care when I have a pic of there face trying to unlock my phone
    Well that's good and more proof for the cops LOL. My comment was just saying in general though.

  18. #16
    Quote Originally Posted by politicalslug View Post
    I have my passcode set to erase the phone after 10 wrong attempts. Sure, they can wipe it, but they can't get my info, either with or without cydia substrate. I suggest you all do they same.
    You do realize that that wiping a jailbroken phone DOES NOT WORK? If you don't believe me, try it. It will appear to be wiping but sit there and spin forever. When you reboot, everything is there. This has been a problem since iOS 6 and the JB devs haven't bothered to fix it.

  19. #17
    This doesn't actually disable FIND MY IPHONE. I tested this on my phone and even though it's "removed" and not in the phone anymore, after a restore, it asks for the original iCloud account information. So deleting it is pointless.

  20. #18
    i am fully protected even with condoms......

  21. #19
    Yea the restriction options protects you from this hack
    Go to Settings > General > Restrictions
    Turn them on.
    Then scroll down to Allow Changes > [Accounts] , and set it to "Don't Allow Changes"
    Problem solved.
    EDIT 2: It might also be a good idea to turn on restrictions of location services as well


    EDIT 3: I wonder though if this is an actual bug or if this guy just used an alias of the same account to accomplish this. Did modmyi confirm this was indeed a bug before it was posted ?
    Last edited by DJonas; 2014-02-07 at 06:49 AM. Reason: EDIT3

  22. #20
    My iPhone is a Part of Me Feanor64's Avatar
    Join Date
    Jul 2010
    Location
    Louisiana
    Posts
    678
    Thanks
    875
    Thanked 463 Times in 248 Posts

    Ok I'm suing apple.

Page 1 of 2 12 LastLast
Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •