Apple introduced the Find My iPhone Activation Lock as a way to prevent people from using stolen iPhones. But some hackers and scammers found a way to break iCloud locked iPhones (via Motherboard).
[Stolen iPhone Guide: What You Can Do if Your iPhone is Stolen]
iCloud Locked iPhones
iCloud locked iPhones are usually worthless unless you sell them for parts. You can’t use them without the owner’s passcode and the owner’s Apple ID can’t be unlinked from it.
A couple of ways to bypass the activation lock is phishing and scamming Apple Store employees. It’s a bit tricky because an iCloud locked phone isn’t necessarily stolen. They could be returned to a carrier as part of a phone upgrade plan. Currently there are three ways to remove an iCloud lock:
* The password to the original owner’s iCloud can be entered to remove it, which a hacker could obtain via phishing.
* An Apple Store manager can override iCloud. Scammers can trick Apple Store managers into unlocking a device they don’t own.
* The iPhone’s CPU can be removed from the Logic Board and reprogrammed to create what is essentially a “new” device (this is very labor intensive and rare. It is generally done in Chinese refurbishing labs and involves stealing a “clean” phone identification number called an IMEI.)
There’s a sort of dark market for iCloud locked iPhones. When a customer returns an iPhone to their carrier, employees are trained to ask them to turn off iCloud on the phone. But sometimes that doesn’t happen. Carriers can’t do much with these phones so they get sold in bulk in private auctions.
Some black market resellers use iCloud phishing kits. Designed to be easy to use, the kits are a set of tools a person can use to trick the original owner into giving up their Apple ID password.
The hacker can send specially-crafted text messages that look like they came from Apple. Then, they send the victim a fake map of where the person’s phone has been discovered, to make it look more legitimate.
If a person doesn’t fall for the phishing, the next step is to social engineer Apple employees. In one example, a fake receipt can be generated and taken to an Apple Store: “Hey, I forgot my Apple ID information, but here’s a receipt.” Apple lets retail employees unlock an iPhone if a customer brings in their original receipt.
The way I justify it in my head is, someone is going to use this phone either way and it’s better for the environment if I use it for parts than just letting it go to waste. I don’t sit there and unlock iClouds because I don’t want to make individual moral calls on whether each phone is legitimate. But there’s a huge demand for it.
Mick Ventocilla, owner of Lakeshore Tech Repair
You can use CheckM8 Exploit to hack iCloud lock, for example the free CheckM8 tool with built-in checkRa1n jailbreak can bypass activation on iPhone easily!