iPhone Activation Lock Bypass

Reply Subscribe

Thread Tools

Search this Thread

Mar 30, 2015 | 10:50 pm

gfunkdave

Original Poster

FlyerTalk Evangelist

Join Date: Nov 2002

Location: ORD

Posts: 14,773

iPhone Activation Lock Bypass

I'm shocked that it's apparently possible to bypass Apple's vaunted Activation Lock. Wasn't this designed to make it impossible to use an iDevice that has been lost/stolen? How is this possible?

https://iclouddnsbypass.com/

Comments from the security people out there?

Mar 30, 2015 | 11:08 pm

chris19992

Join Date: Sep 2014

Location: Scotland

Programs: Star Alliance

Posts: 476

Why shocked? anything can be hacked, tricked or spoofed, apple devices are no different(easier actually in many cases)

Mar 31, 2015 | 8:26 am

gfunkdave

Original Poster

FlyerTalk Evangelist

Join Date: Nov 2002

Location: ORD

Posts: 14,773

I'm just surprised that Apple seems to not have put in TLS and certificate validation when connecting to its activation server. DNS spoofing is one of the things that would preclude.

Mar 31, 2015 | 10:49 am

planemechanic

FlyerTalk Evangelist

Join Date: Jan 2006

Posts: 11,439

Does this website actually do what it claims, or is it just a Russian scam website looking for your credit card number?

Mar 31, 2015 | 3:10 pm

WIRunner

FlyerTalk Evangelist

Join Date: May 2006

Location: SEA or BGR, Lower Earth Orbit

Programs: UA 1K

Posts: 17,295

April Fools?

In Soviet Russia we control brightness with black tape.

https://iclouddnsbypass.com/brightne...ack-duct-tape/

Mar 31, 2015 | 6:28 pm

ScottC

FlyerTalk Evangelist

Join Date: Sep 2000

Programs: BA, AA, DL, KLM, UA

Posts: 37,489

Quote:

Originally Posted by WIRunner

April Fools?

In Soviet Russia we control brightness with black tape.

https://iclouddnsbypass.com/brightne...ack-duct-tape/

Not really, just looks like they cover the light sensor.

Pretty crazy that they claim to have 300,000 devices online. Thats a lot of stolen iPhones.

Apr 1, 2015 | 9:34 pm

blsnk

Join Date: Dec 2009

Posts: 43

Can someone clarify this? Isn't rerouting through their DNS pretty much similar to using their site as a proxy except without the speed loss? That pretty much means the site can see everything unencrypted that you send, not to mention the apps you download from them can easily have backdoors hidden in them to act as a middleman and steal your login sessions?

Apr 2, 2015 | 4:43 am

Enhancements

Join Date: Nov 2014

Location: KUL/BOS

Programs: AZ FA+, BA & UA Gold

Posts: 344

Quote:

Originally Posted by blsnk

Yeah- their DNS seems to be a man in the middle exploit, allowing web browser access but not much more. (Everything they have is prolly a web app rather than iOS native)
I'd say encrypted secure data in the iPhone is not accessible, but the chance to get your account credentials phished is high.

Apr 4, 2015 | 1:30 pm

wco81

Suspended

Join Date: Oct 2004

Location: Bay Area

Programs: DL SM, UA MP.

Posts: 12,724

I lost an iPhone 5 in Amsterdam last year. Never showed up on Find Your iPhone so I put it in lost mode, with contact info., a Google Voice number.

When I got home, I got a bunch of texts from a "FindMyiPhone Service!!!" with a URL to click.

Clicking the URL, it showed some iCloud with Eastern European domains. I verified that Apple does not have iCloud with multiple domains. But the art on these pages were exactly like iCloud and it was prompting me to log in with my Apple ID.

Presumably that meant they couldn't hack into the phone without my Apple ID password.

If the iPhone Activation Lock was really bypassed or hacked, it should be making huge waves.

Reply Subscribe

Reply Share

First
Prev
1 / 1
Next
Last

Forum Jump