Yesterday, a new iPhone hack was published. The security flaw allows the hacker to turn off the Find My Phone service Apple provides with their devices - preventing the original owner from tracking, erasing or ringing their iPhone. Security researcher Bradley Williams found an exploit to bypass this, resulting in the loss of the Find My Phone service for that particular device. This exploit can be used on iOS 7.04 and earlier versions.
The security hack takes advantage of Apple's iCloud, and requires very few steps. The method is very easy to follow, as seen in the short YouTube clip below. Williams clearly shows the method can be completed in just a few minutes.
The hack does require hands on contact with the device, as well as knowing any passcode, or relying on a lack of fingerprint id. Although these factors may limit the widespread use of this exploit (many users use the security features), under the right circumstances the exploit could be extremely effective.
Steps to hack 'Find My iPhone':
- Navigate to iCloud in the devices settings.
- Select your account.
- Change the password to an incorrect one, then hit Done.
- When the iPhone displays the 'wrong password' warning, Tap OK and then tap Cancel.
- Reselect your account.
- Clear the description field and then press Done.
You will notice Find My iPhone is now toggled off.
The good news is that the hack has also been tested on iOS 7.1 beta, and has not worked. This means that the exploit is only effective for a limited time. However, be particularly careful in the next few weeks, and passcode or fingerprint protect your device as an additional security measure. Apple strongly recommends using the passcode and fingerprint ID security features to prevent this happening to your iPhone.