Share:

Security Firm Claims iOS 7 ‘Bug’ Can Bypass Find my iPhone Remote Wipes [u]

Share:

Screenshot 2013 10 03 13 25 10

Reuters reports German security company Security Research Labs has devised a way to bypass Find my iPhone and its remote wipe feature within iOS 7. Ben Schlabs, an SRL project manager, told Reuters his new method can thwart security features of Find my iPhone from being initiated on an iPhone 5s:

He was able to put an iPhone 5S on “airplane mode,” cutting off iCloud’s ability to communicate with the device to initiate the features. That bought him time to create a “fake finger” to fool Touch ID.

[…]

Schlabs used a previous-generation iPhone 4S to take the photo. Once he gained access to the iPhone 5S with the fake finger, he looked up the user’s email address. He then went to Apple’s website on an ordinary computer and instructed it to send credentials for resetting its password to the account of the phone’s owner.

At that point, he turned off airplane mode for several seconds: just enough time to retrieve email, but not enough for the “Find My iPhone” feature to disable the device or initiate a wipe.

Once he reset the password, Schlabs said he was able to completely “own” the iPhone: he could take over accounts from outside email providers, and reset passwords by getting email providers to send SMS messages to the hijacked phone.

The issue here is how the hack involves exposing your iPhone 5s via a fake finger and bypassing Find my iPhone by utilizing AirPlane Mode which cuts off your iPhone’s data connection. Essentially this hack is the same as someone knowing your passcode, which would grant full access to your device and private information and then using AirPlane Mode. Do you think this ‘exploit’ is really a concern for users?

Update: Ben from SR Labs has shared the following video demonstrating his exploit of iOS 7 security:

Here are 5 changes he recommends Apple make to further secure iOS 7:

Screenshot 2013-10-03 23.51.50

Share:

  • Daniel Finke

    Not an issue. These silly fake finger solutions are not something the average thief is going to employ. Also a fake finger isn’t a “bug” in any way. It’s just an inherent limitation of finger print technology.

  • Hi Ben, thanks for sharing this, we’ve updated our post. Definitely some huge flaws that need to be addressed, that was scary to watch!

  • SpeedRacer99

    Silly Hacker. Even with this trick, don’t you know that the IP Address of the location where you are hacking from is being recoreded when you reset the passwords etc… FAIL!

  • Jason

    Whether the average person can do this or not is besides the point. This video clearly s
    How’s that apple can easily make some changes That would benefit us all

Deals