iCloud Flaw Lets ANYONE LOCK Your iPad or iPod If They Know Your Serial Number - Protect Yourself

Apple's Activation Lock can be abused to lock out other Apple devices without physical acquisition of the target device, requiring only its serial number, Wi-Fi and Bluetooth addresses.

This video was created using publicly available information; certain software and procedures have been redacted or not included.
This video is ONLY to provide education for protecting yourself from this major iCloud flaw.
I DO NOT in any circumstances advise changing serial numbers or attempting to circumvent Activation Lock.
Comments

To clarify, this appears to only affect devices without IMEI numbers, such as iPads and iPods. Although cellular iPads can be modified physically to perform the reprogram. Whether someone can use a cellular iPad's or iPhone's information to unlock a non-cellular device (therefore locking the cellular device) remains to be seen.

HughJeffreys

If Apple really cared, they could ask you, for example after 1 year without activity, if the device in your iCloud Account should exist. People who threw their phone away could remove it, people who lost it or got it stolen could still leave it in their accounts.

MrRicky

But Apple says everything they do is for your own protection. Apple wouldn't lie, would they?

MayaPosch

Apple's "security" features are not for the users, they are for the shareholders.

blar

This serial swapping doesn’t affect iPhones and cellular iPads, as their IMEIs are burnt into the baseband chip and thus will cause a mismatch and prevent activation.

rafaelappleseed

The biggest problem is iCloud locking itself.
Literally nobody else other than the user is hurt by it.
If somebody steals your phone, they are going to sell it as a scam to somebody else, without telling them it's iCloud locked.
Now both the original owner has lost their phone and the new owner has a very expensive paperweight and 1000$ less in their pocket.
Whoever stole it is the only one who won anything out of this.
Imo, iCloud locking should be made illegal.

myrmeko

I have many devices for sale on my eBay store and after seeing this video, need to go back and change all my listings to not include the SN. Thank you for making me aware of this issue. Especially since several of those phones are iPhone 7, 8, 8+ and SE 2016 which are all affected.

APRkNSP

If EU regs forced Apple to put USB-C on the 15, then we need more regs to make phones more repairable and force Apple to change their stupid activation lock bs.

TigerTanker

Just note that systems similar to Apple's activation lock system are also implemented on the Android side, just not as universally.
The original owner's Google accounts can be required to set up an Android phone that was wiped the 'wrong' way - it's 'Factory Reset Protection (FRP)'.
Samsung also has 'Knox' which can do a similar thing (although it is designed to do a lot more, for enterprises).

nottimothy

You need serial numbers on phones to verify if the phone is "unlocked" for a network (not the phone or Apple account lock). This means if you buy a phone without seeing the serial number, you take a risk on it not working. Like the person owes money on it, for example. But in turn, if you share the number to prove it is unlocked and can be put on any network, you risk someone using the exploit in this video. All in all, this makes owning, buying, or selling an iPhone risky business.

CaseyDplays

0:37 This exploit also affects Apple Watch models from the Series 0 to Series 3. In fact, I used this exploit to make my old Series 3 watch think it’s a Nike+ model, allowing me to have access to those faces on my non-Nike watch running watchOS 8, the last version the Series 3 supports. Those Nike watch faces became available on all Apple Watch models (Series 4 and later) in watchOS 9.

thomashammond

This also applies to Samsung devices. What I see happening is that people get a phone with a subscription. Then they don't pay and sell the phone in the meantime. After that the phone company locks the phone and it becomes completely useless.

PiratCarribean

I'm just blown away by the range of devices this affects. How could something this crippling go unfixed for 6 years??

lenshibo

Apple's security claims ALWAYS hurt the consumer more than the thief. ALWAYS.

Mr.Unacceptable

My programming teacher in college used to say this - “The more functions and variables and features you add to your code, the more edge cases and loopholes you create - some of which you wouldn’t even know exist”
Seems to be the same case here, Apple has so many security checks and functions in place that there are several loopholes.

its_argho

So does Tesla.. And everyone else.

This vulnerability is obviously an issue and they've fixed it with hardware which is great. Activation lock is a good thing, since people are more likely to ditch an iPhone and find it again or have it anonymously handed in as opposed to someone just wiping it and selling it.

MatWilson

Imagine if that happens on iMac and MacBook. It's the biggest nightmare that someone spends on $4999 if for one day they didn't write the important Apple ID, it's a giant pain.

thelightbrigadef

As an Android user, I find this video very informative. Thanks.

Mee

The other major concern about the current iCloud FMI logic is how they introduced “unlock with passcode” option starting with iOS 13, which makes any iPhone with failed Face ID extremely vulnerable: the thief only needs to see the passcode you type in and then they can just steal it and do a 3uTools restore command (easy to do on the go, only requires a laptop and takes less than 5 minutes to execute), and then fully unlock the phone using just the password. Yes, you can lock the phone by IMEI, but that would only block the cellular ability. Imagine it's a 14 Pro (but only works in “iPod mode”), it can still be sold for $300 just fine.

nikitazaycev

As far as I know, Android has Factory reset protection as well, but instead of iCloud, it's linked to a Google account. Same thing there, if you factory reset, you won't be able to use your device without the Google account that was used for it. This is only for devices that ship with Google services tho.

There were ways to bypass FRP, but I don't know if they still work.

xenos