Biggest Non-Governmental Hack … Apple’s iCloud Breached by Dutch-Moroccan Hackers

iPhone theft accounts for half the crimes in cities like New York and San Francisco, pushing lawmakers to impose legislation that requires smartphones to have a kill switch. The proposed kill-switch technology under the Smartphone Theft Prevention Act allows smartphone owners to turn stolen devices into unreadable and unusable devices. Apple already has Activation Lock, a fail-safe introduced in 2007 to keep stolen devices unreadable.

Image: Hacker Team doulCi


A group of hackers has reportedly managed to get around Apple’s iCloud Activation Lock, enabling users to restore iDevices without authentication by exploiting a weakness in Apple’s security. The attack allows them to intercept users’ Apple ID credentials as well as to unlock iOS devices that Activation Lock has rendered practically unusable. Members @AquaXetine and @MerrukTechnolog of the group, known as “Team DoulCi”, created a tool called doulCi (iCloud backwards), which they describe as follows:

doulCi is the world’s first Alternative iCloud Server, and the world’s first iCloud Activation Bypass. doulCi will bypass and activate your iDevice for you when you are stuck at the Apple activation menu. So, why would you use it? For example, if you have forgotten your Apple ID and password or no longer have access to your old itunes-email account then it’s impossible to regain control of your Apple Product!! doulCi is the solution that will enable you to regain permanent access.

The tool doulCi remains available for thieves to unlock stolen iDevices.

According to security researcher Mark Loman of SurfRight, the attack was possible because the Windows version of iTunes does not verify security certificates properly. Team DoulCi demonstrated the attack’s effectiveness by posting screenshots of Apple’s iCloud activation service.

The two hackers posted several screenshots of their success:


According to a statement given to CultofMac, @AquaXetine warned Apple of the vulnerability in March, but the Cupertino-based company did not reply. AquaXetine received an email from Apple today asking him to contact them as quickly as possible. However, the hacker took to Twitter to announce that he had deleted the mail, posting “There are so too late”.

The two hackers spent five months working to bypass Apple’s iCloud. They said their motive isn’t to make money, but to make users aware that the iPhone and iCloud online storage are not safe.

Thousands of Twitter users from around the world were able to bypass the lock using the doulCi tool. Most of the tweets thanking the two Dutch hackers came from outside the U.S., where stolen iPhones are shipped and sold at premium prices on the black market.

Very recently, Apple patched similar risks in OS X and iOS, leaving Windows vulnerable. Loman believes it may have been left vulnerable on purpose to allow intelligence agencies access to iCloud servers.

Until Apple fixes the issue, users are advised not to use iCloud services over public Wi-Fi networks. Notably, iH8sn0w, a well-known hacker in the iPhone community, had also discovered an iCloud activation bypass a while ago. One possible implication of the incident is that their servers will soon be tracked down, with Interpol knocking at their doors.

Anna Domanska
Anna Domanska is an Industry Leaders Magazine author with a wide range of knowledge of business news. She is an avid reader and writer of business and CEO magazines and a rigorous follower of business leaders.
