Biggest Non-Governmental Hack … Apple’s iCloud Breached by Dutch-Moroccan Hackers

iPhone theft accounts to half the crimes in cities like New York and San Francisco, pushing law makers in to imposing legislations that require smartphones to have a kill-switch. The proposed kill-switch technology under the Smartphone Theft Prevention Act allows smartphone owners to turn stolen devices into unreadable and unusable devices. Apple already has Activation Lock, a fail-safe introduced in 2007 to keep stolen devices unreadable.

Image: Hacker Team doulCi

Image: Hacker Team doulCi

A group of hackers have reportedly managed to go around Apple’s iCloud activation lock enabling users to restore iDevices without authentication, exploiting Apple’s security. The attack allows them to intercept Apple ID credentials of users as well as to unlock iOS devices which are practically unusable by activation lock. Known as “Team DoulCi”, member’s @AquaXetine and @MerrukTechnolog created a tool called doulCi (iCloud backwards) which they describe as follows:

doulCi is the world’s first Alternative iCloud Server, and the world’s first iCloud Activation Bypass. doulCi will bypass and activate you iDevice for you when you are stuck at the Apple activation menu. So, why would you use it? For example, if you have forgotten your Apple ID and password or no longer have access to your old itunes-email account then it’s impossible to regain control of your Apple Product!! doulCi is the solution that will enable you to can regain permanent access.

The tool doulCi remains available for thieves to unlock stolen iDevices.

According to security researcher Mark Loman of SurfRight, the attack was possible since the Windows version of iTunes does not verify security certificates properly. Team DoulCi demonstrated the attacks effectiveness by posting screenshots of Apple’s iCloud activation service.

The two hackers posted several screenshots of their success:

The two hackers posted several screenshots of their success.

In a statement given to CultofMac, @AquaXetine had warned Apple of the vunerability in March but the Cupertino-based company did not reply. AquaXetine received an email from Apple today to contact them as quickly as possible. However, the hacker took to Twitter to announce that he deleted the mail posting “There are so too late”.

 

The two hackers spent five months to bypass Apple’s iCloud. They said their motive isn’t to make money, but to make users aware that iPhone and iCloud online storage is not safe.

Thousands of Twitter users from around the world were able to bypass using the tool doulCi. Most of the tweets thanking the two Dutch hackers were from outside the U.S., where stolen iPhones are shipped and sold at premium prices in black market.

Very recently, Apple had patched similar risks in OS X and iOS, leaving Windows vulnerable. Loman believes it may have been left vunerable on purpose to allow intelligence agencies access to iCloud servers.

Until Apple fixes the issue, users are advised to not use iCloud services over public Wi-Fi networks. Remarkably, a well known hacker, iH8sn0w in the iPhone community had also discovered an iCloud activation bypass a while ago. One possible insinuation that comes out from the incident is that their servers will soon be tracked with the Interpol knocking at their doors.

Avatar
Anna Domanska
Anna Domanska is an Industry Leaders Magazine author possessing wide-range of knowledge for Business News. She is an avid reader and writer of Business and CEO Magazines and a rigorous follower of Business Leaders.

Recent Posts

Elior acquires Nestor, the single meal food delivery startup

Elior acquires Nestor, the single meal food delivery startup

Elior, the corporate catering company, has acquired the French startup Nestor for an undisclosed amount. Nestor, a Paris, France-based food delivery service, started in 2015 with a
2 days ago
Axa gears to buy office space worth €800m in European cities

Axa gears to buy office space worth €800m in European cities

Axa Investment Managers, the French fund house, is not too worried about predictions that the post-pandemic world will see more people working from home and office real estates shr
3 days ago
ShareChat raises $502 million at $2 billion valuation

ShareChat raises $502 million at $2 billion valuation

ShareChat, the Indian owner of short video app Moj, has raised $502 million in the series E round of funding, pushing its value at $2.1 billion in the market. The five-year-old com
3 days ago
Small business groups form coalition to lobby for strong antitrust laws

Small business groups form coalition to lobby for strong antitrust laws

Small merchant groups are coming together to rally for strong antitrust laws to prevent big conglomerates like Amazon from swallowing up the smaller traders and businesses. Trade g
3 days ago
Vitol’s profit soars during 2020 oil crisis

Vitol’s profit soars during 2020 oil crisis

The world’s largest independent oil trader Vitol made record profits in 2020 as the fluctuations in the global energy markets resulted in a windfall. Vitol suffered an $85 billio
5 days ago
Seadrill proposes debt write off of $4.8 billion

Seadrill proposes debt write off of $4.8 billion

Seadrill Ltd., a deepwater drilling contracting company, owned by billionaire John Fredriksen, said it is ready to write off a debt of over $4.8 billion, giving lenders a 99 perce
5 days ago