How hackers unlock stolen (or not) stolen iPhones locked by iCloud

When we deal with Stolen iPhonesWe usually get the idea that that device will become a “paperweight” or so that it will be disassembled and its parts sold to the parallel market. In this sense, we rarely think that the device will actually be unlocked and used as a new one (at least here in Brazil), but the fact that in the United States this is more than a reality: a market.

It was this “world” that the Motherboard investigated, which resulted in a report on the market behind the unlock of stolen iPhones (or even not exactly subtracted from any). To understand what hackers (actually crackers, as they would be criminals) do to circumvent Apple's security techniques, we need to remember the steps to unlock an iOS device.

Most of the time, the security code is the first barrier that prevents anyone from accessing these devices. In addition, when restored (or deleted), the gadget requires the password of the account holder 's Apple ID linked to that device to allow iCloud' s Find My iPhone Activated Lockdown access (which allows you to remotely locate, lock, or erase your device).

That said, here's what the Motherboard He found: In the "simplest" cases, thieves asked victims to enter their passwords to disable Search My iPhone and thus log out of iCloud on that device. However, the most advanced techniques include blows of phishing, creating fake shopping receipts and even replacing the iPhone / iPad logic board to create a “new” device (from a cloned IMEI of an unstolen device).

In the case of stolen iPhones, crackers use parallel tools to find out if the iPhone has been locked or not by the user via iCloud before starting the process to bypass iOS security features. In addition, these scams are usually applied sequentially; that is, if the person does not fall into the attack of phishing We even commented on this type of attack a few times (1, 2, 3) and the scammer then appeals to Apple himself.

<img data-attachment-id = "655895" data-orig-file = "https://.uol/wp-content/uploads/2019/02/07-motherboard-ipad-blocked.jpg" data-orig-size = "853,1280" data-comments-opened = "1" data-image-meta = "{" aperture ":" 0 "," credit ":" "," camera ":" ", "caption": "", "created_timestamp": "0", "copyright": "", "focal_length": "0", "iso": "0", "shutter_speed": "0", "title": "", "orientation": "1"} "data-image-title =" Stolen iPad Alert "data-image-description ="

Image: https://motherboard.vice/en_us/article/8xyq8v/how-to-unlock-icloud-stolen-iphone

"data-medium-file =" https://.uol/wp-content/uploads/2019/02/07-motherboard-ipad-blocked-400×600.jpg "data-large-file =" https : //.uol/wp-content/uploads/2019/02/07-motherboard-ipad-blocked-840×1260.jpg "src =" https://i0.wp/.uol. com/wp-content/uploads/2019/02/07-motherboard-ipad-blocked.jpg?w=377&h=566&ssl=1 "width =" 377 "height =" 566 "original-width-" = 377 "data-original-height =" 566 "itemprop =" "title =" Stolen iPad Alert "alt =" Stolen iPad Alert "style =" width: 377px; height: 566px; "/> <img data-attachment-id =" 655896 "data-orig-file =" https://.uol/wp-content/uploads/2019/02/07-motherboard -iphone-locked.jpg "data-orig-size =" 960,1280 "data-comments-opened =" 1 "data-image-meta =" {"aperture": "0", "credit": "", "camera": "", "caption": "", "created_timestamp": "0", "copyright": "", "focal_length": "0", "iso": "0", "shutter_speed": " 0 "," title ":" "," orientation ":" 1 "}" data-image-title = "iPhone locked by iCloud" data-image-description = "

Image: https://motherboard.vice/en_us/article/8xyq8v/how-to-unlock-icloud-stolen-iphone

"data-medium-file =" https://.uol/wp-content/uploads/2019/02/07-motherboard-iphone-blocked-450×600.jpg "data-large-file =" https : //.uol/wp-content/uploads/2019/02/07-motherboard-iphone-blocked-945×1260.jpg "src =" https://i2.wp/.uol. com/wp-content/uploads/2019/02/07-motherboard-iphone-blocked.jpg?w=425&h=566&ssl=1 "width =" 425 "height =" 566 "date-original-width =" 425 "data-original-height =" 566 "itemprop =" "title =" iCloud Locked iPhone "alt =" iCloud Locked iPhone "style =" width: 425px; height: 566px; "/>

Images of locked iOS devices shared in Telegram groups.

O Motherboard has had access to several Telegram groups where dozens of people not only share stolen / locked iOS device images and techniques, but also sell fake iPhone receipts for up to $ 150 (mostly carrier invoice copies).

With the fake receipt in hand (registered with an approximate purchase date), the thief “proves” that the owner of the device in any Apple Store (or by email, which is even more absurd) and requests the unlock of the gadget. According to Mick Ventocilla, owner of a repair shop for gadgets, he meets people from the iPhone repair industry who do the same tactic.

I can buy an iCloud locked iPhone X for $ 220, take it apart and earn $ 550 over the course of a few months. But there are many people who pay $ 220 and then think, "If I can bypass iCloud, I instantly have a $ 700 device in my hand." And I'm making this money a lot faster.

As we said, there are cases of locked iPhones that have not been stolen, such as when someone hands over their device to purchase another one in the classic iPhone programs. trade-in. Obviously, Apple doesn't work with hackers or third parties to unlock these devices, but in other stores that also carry out such promos, these are some of the techniques used to prevent the device from going to waste, as Ventocilla explained:

The way I justify it in my head that some will use this phone anyway and it's better for the environment if I use its parts than just waste it. I don't sit there and unlock iCloud accounts because I don't want to make individual moral calls to find out if each phone is legitimate. But there is a huge demand for it.

When replacing the CPU of iOS devices to bypass Search My iPhone, the Motherboard He said this is an extremely rare tactic, most often performed in refurbished device labs in China.

As serious as cloning an unstolen iPhone is perhaps the market behind access to Apple Global Service Exchange (GSX), the company's internal system that only authorized Ma technical assistance should use. According to the report of Motherboard, GSX access keys sell for $ 200; However, the newspaper pointed out that most of the offers found appear to be scams.

The fact that the cracker community and the iPhone unlock market has grown as iCloud's device sales have stalled. In many cases, it is not only the Apple system that is mocked as the reception itself that is veiled by the aforementioned techniques that can (literally) change the registration of a device. If the subject has interested you, check out the full report of the Motherboard.

via 9to5Mac