How Criminals Are Bypassing Stolen iPhone Lock Features

Criminals have developed several methods to unlock stolen iPhones that have been locked through iCloud.

Back in 2013, Apple introduced a security feature in the iPhone designed to make the device less attractive to thieves. Since an iPhone can only be linked to a single iCloud account, a thief would need to completely remove this account to resell the device, which is impossible without the iCloud password. The password is also required to reset the iPhone to factory settings.

As long as the iCloud account remains active, the real owner can remotely lock the device and track its location using the Find My iPhone feature. This means a stolen iPhone tied to its original owner’s iCloud account is essentially useless to thieves (they can only sell it for parts).

This security feature did help reduce the number of thefts, but resourceful criminals have still found ways to bypass it, according to Motherboard. Thieves, programmers, and hackers have joined forces to discover methods for bypassing iCloud locks and successfully selling stolen iPhones.

The scheme, known as “iCloud unlock,” involves using fake receipts and invoices to convince Apple that the thief is the legitimate iCloud owner, accessing databases with smartphone information, and employing social engineering tactics in Apple Stores.

To remove iCloud, criminals either obtain the password from the victim (often through phishing), trick an Apple Store employee into unlocking the stolen device, or, in rare cases, physically remove the device’s central processor from the motherboard and reprogram it. In some instances, thieves even threaten victims with physical harm to force them to delete their iCloud accounts.

There are even specialized hacker communities in messaging apps dedicated to unlocking iPhones for resale. Members share their experiences and post screenshots of successful hacks. Some hackers work on dozens of devices at once.