Hackers have discovered an exploit that makes it easy to defeat the Activation
Lock on iPhones. Photo: Jim Merithew/Cult of Mac
The recently revealed exploit that allows anyone to bypass the iPhone's Activation Lock
system is a rather simple process: it requires adding just a single line to a configuration
file (the hosts file) on a computer running iTunes.
The exploit, which is called DoulCi ("iCloud" backward), has already been used
thousands of times on locked iPhones and iPads around the world. It's the work of a pair
of anonymous hackers, who cracked Apple's theft-deterrent measure by tricking lost or
stolen iOS devices into thinking they are being reactivated by Apple's servers.
Introduced in iOS 7, Activation Lock is designed to render a lost or stolen iPhone useless
unless it is recovered by its rightful owner. It's a powerful tool designed to protect
iPhone owners who fall victim to street thieves who find Apple products irresistible.
When Apple's Find My iPhone feature is turned on, an iDevice can be tracked by its owner
through iCloud.com and remotely wiped if necessary.
Say a thief snatches an iPhone, the owner remotely wipes it, and the thief then
restores the iPhone so it can be set up again as a new device. That's when
Activation Lock comes into play. During the setup process after a restore, the Apple ID
and password originally associated with the device must be entered. If those credentials
can't be provided, the iPhone can't be activated with Apple's iCloud servers. You are left
with a bricked iPhone that can't get past the initial setup. All it's good for is spare parts.
By performing what is commonly referred to as a man-in-the-middle attack, the DoulCi
exploit intercepts the activation traffic between the iPhone and Apple's servers.
image: http://cdn.cultofmac.com/wp-content/uploads/2014/05/Screen-Shot-2014-05-22-at4.24.29-PM-640x446.jpg
The hosts file maps hostnames to IP addresses, directing the computer's network
traffic. Entries in the hosts file take precedence over the public and private DNS servers
the computer would otherwise ask to resolve a name. Usually you should leave the hosts file
alone, but it is sometimes edited to override the computer's DNS resolution, for example
by pointing the domains used by spam or malicious software at a local address so they can't
be reached.
Obviously, modifying the hosts file is a potential security risk. It is not a good
idea to route your data to a shady IP address controlled by a pair of anonymous hackers:
whoever runs that server sees everything sent to the redirected names. Luckily, modifying
the hosts file isn't super easy. It's a multistep process that varies depending on which
operating system you are using. Here's a good overview of how to edit the hosts file on
different Mac and Windows systems.
2) The lost/stolen iPhone is then plugged into a Mac or PC running iTunes and put
into DFU/Recovery mode. To do this, turn off the device. Turn it back on, holding down
the Sleep/Wake button for three seconds, and then, without releasing the Sleep/Wake
button, also hold the Home button for a further 10 seconds. Release the
Sleep/Wake button but keep holding the Home button until iTunes recognizes the
device and Recovery mode begins. iTunes then restores the iPhone to a blank state, and
the normal setup process begins while the iPhone is still connected to the computer with
iTunes open.
3) This is where things get shady. When the device attempts to contact Apple's server to
see whether it needs to be activated, the line added to the hosts file sends that request to
DoulCi's server instead. The iPhone thinks it's talking to Apple when it's really talking
to the hackers' server, and it accepts the activation response that server sends back as if
it had come from Apple. That is the whole trick: a redirect in a local hosts file only
defeats the lock because the device does not reject an activation reply that Apple never issued.
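To make the hosts-file mechanism concrete, here is an added example (not code from the article, and not the DoulCi tool): a small Python model of how a stub resolver consults the hosts file before DNS, plus a check a practitioner can run against their own hosts file to spot an Apple or iCloud name being sent somewhere other than a loopback or blackhole address. The sample hosts content, the `example.apple.com` name and the 203.0.113.x / 192.0.2.x addresses are all constructed placeholders; none of them is the real activation host or the line the hackers used.

```python
import ipaddress

# Constructed sample in the format used by /etc/hosts (macOS, Linux) and
# C:\Windows\System32\drivers\etc\hosts. The apple.com entry is a placeholder
# that only shows the shape of a redirect; it is not the real activation host.
SAMPLE_HOSTS = """\
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net      # blackholed: traffic goes nowhere
203.0.113.10    example.apple.com    # redirected to a third-party server
"""

# Domains whose resolution should never be overridden locally (assumption:
# extend this list to whatever your environment considers sensitive).
PROTECTED_SUFFIXES = ("apple.com", "icloud.com")


def parse_hosts(text):
    """Return (ip, hostname) pairs, skipping blank lines, comments and junk."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # malformed line; resolvers skip it
        for name in fields[1:]:
            entries.append((ip, name.lower()))
    return entries


def resolve(name, hosts_entries, dns):
    """Resolve like a typical stub resolver: hosts file first, DNS second.
    `dns` is a plain dict standing in for a real DNS lookup (constructed)."""
    name = name.lower()
    for ip, host in hosts_entries:
        if host == name:
            return str(ip)                     # first matching hosts entry wins
    return dns.get(name)


def is_blackhole(ip):
    # Loopback (127.0.0.1, ::1) and unspecified (0.0.0.0, ::) make a name
    # unreachable; they do not hand its traffic to anyone else.
    return ip.is_loopback or ip.is_unspecified


def suspicious_overrides(hosts_entries, suffixes=PROTECTED_SUFFIXES):
    """Entries that send a protected domain to a routable third-party address."""
    hits = []
    for ip, host in hosts_entries:
        protected = any(host == s or host.endswith("." + s) for s in suffixes)
        if protected and not is_blackhole(ip):
            hits.append((host, str(ip)))
    return hits


if __name__ == "__main__":
    entries = parse_hosts(SAMPLE_HOSTS)
    fake_dns = {"example.apple.com": "192.0.2.1"}   # constructed DNS answer
    # The hosts entry wins, so the client never sees the DNS answer.
    print(resolve("example.apple.com", entries, fake_dns))
    print(suspicious_overrides(entries))
```

Run the same `suspicious_overrides` check over the real hosts file on a machine (read it into `parse_hosts` instead of `SAMPLE_HOSTS`) to confirm nothing is quietly steering Apple traffic elsewhere; an entry pointing a sensitive domain at a routable address is exactly the artifact this technique leaves behind.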