Thursday, April 3, 2014

Security Flaw with iOS 7 Allows Thieves to Bypass Find My iPhone Feature

Security Flaw with iOS 7 Allows Thieves to Bypass Find My iPhone Feature


A software glitch with iOS 7 has been discovered and allows the easy deactivation of Find My iPhone, a security feature that enables users to locate lost or stolen devices.
Apple blogger Miguel Alvarado noticed the bug and published his findings in a short Youtube video that outlined the fault.
Alvarado realised that when deleting an iCloud account or restoring a device's settings it was necessary to disable the Find My iPhone feature.
In doing so, Find My iPhone requires the associated password from the iCloud account to be entered. This security feature is intended to prevent thieves from simply removing the account to avoid being tracked.
What Alvarado discovered was that by tapping both the "delete account" and "disable Find My iPhone" switches at the same time, anybody with the phone is able to bypass the tracking feature.
When the potential thief is then asked for a password, all they need to do is restart the phone and go back into the iCloud settings panel where the account can be deleted without the need for a password.
Alvarado hopes that by publishing his findings, attention to the issue will encourage Apple to fix the bug.
"This video is intended for educational purposes only," Alvarado said. "Please share it so Apple can fix it soon."
"Make sure you always have a passcode lock on your device or this could happen to you if your iOS device gets lost or stolen."
It is the second embarrassing lapse for Apple in as many months, with the firm recently releasing a security fix for iOS 7 after a major flaw was discovered that allowed hackers to intercept email and other communications.
Apple is yet to comment on the latest software glitch report.

No comments:

Post a Comment