Any chance of a tl;dw synopsis?
The video takes a long time to say this:
There’s a new (and concerning) service known as “Plist FMI off” which appears to be able to unlock an iPhone that would otherwise be locked and useless to thieves.
Disabling iCloud lock / Find My iPhone lock should be something only possible by someone working from inside Apple – thus implying that there’s likely an insider involved in this. Or at the very least, a security flaw in Apple’s network that’s allowing this to happen.
The Youtuber seems to think that Apple should be forthcoming about declaring this vulnerability exists. IMHO, he is wrong to think that. Declaring the flaw before it’s been patched would only create a rash of iPhone thefts.
Ideally, Apple is now aware of this situation, and is doing internal investigations to correct it.
I wouldn’t say an insider is necessary for this to be possible. No software is perfect and there’s a big market for iPhone exploits and plenty of hackers trying to find them.
Hopefully this can be patched in iOS 17 or ideally sooner. Worst case is this uses some form of hardware flaw that can’t be patched.
The exploit would be on Apple’s backend servers rather than on device, with some jailbreaks you can bypass activation lock but your unable to use Apple services or even some functionality such as cellular. For an activation bypass there either needs to be a backend server exploit or an apple employee working with the service.
I can only vouch for Apple certified repair technicians but we need to have the customer provide proof of purchase such as a verified receipt and we can fast track the unlock process by sending it directly to the iCloud support department but we can’t unlock the device in our store and we can’t even take the device in for repair if the customer is unable to prove the device is their own(generally this is just unlocking the device or logging into their iCloud account and checking that the serials match but a original receipt also works)
Many thanks!
But to get to the point that the vulnerability is now being used as a service, doesn’t that mean it’s been there for a while?(I think he mentions that there’s another company that did a bunch of research on the service and the vulnerability for a long time), and if Apple hasn’t given any attention to this major security problem how else will they get pressured into working on a fix? Idk, for me it’s the best way forward given their lack of attention to the problem so far. Also, if I’m not mistaken, it falls in line with a “common practice” that some security researches do, which is to warn the company of the problem, and if they don’t act on it after a certain amount of time, they disclose it to the public so there’s pressure for a fix.
(full disclosure, I used to work at HQ in Cupertino) … it’s not generally Apple’s M.O. to respond to things like this with, at most, “we received your message”.
Apple’s infosec team is almost certainly looking into this, assuming the report made it’s way to them. I’ll reach out to some of my contacts there n’ make sure they’re at least aware of the exploit.
Given how guarded Apple is about revealing anything, I wouldn’t expect much of a response though, even from a friend.
deleted by creator
Good question. I will always and forever downvote random links to YouTube videos!
I was under the impression that organised thieves had software that could reset stolen Iphones - otherwise why would they steal them? Is this exploit new?
If you steal an iPhone and forget to ask the victim for a PIN at knifepoint, you can still sell it bricked for parts. Search for locked iPhones on eBay, they go for $100 to $200.
Does that mean the serialisation of parts isn’t particularly effective at reducing thefts? I’ve been wondering about this as some say it is effective and others say it isn’t 🤔.
Serialization is only on certain parts so things such as housings or charging ports still have good value and serialization is on a specific chip so while those parts do sell for less, a skilled repair technician could move the chip over assuming the whole part isn’t fried and it’s just damaged. There is less value in locked phones but there is still material value and they often steal the phone then get the phone number for the device and try to trick the user into removing the device or phishing their Apple ID as find my doesn’t require two factor to remove, only the password.
Thanks for this information. This is one of the reasons I bought an iPhone… sucks