Apple phones may be at risk of being unlocked and resold via an underground hacking service.
An underground group called Checkm8.info is offering a way to strip the “Activation Lock” from iPhones, which is a feature implemented to prevent phones from being sold for profit after being stolen. The lock can be used when setting up Apple’s “Find My” tracking service. The message that shows up when prompted asks for the Apple ID and password that were used to initially set up the phone.
Checkm8.info says that their service, while it can be used to strip the lock from certain iPhones, isn’t used by thieves. The group’s administrator wrote an email to Motherboard, stating that it’s their goal to repair electronics in order to address issues like e-waste and environmental damage. Oftentimes it’s difficult for people who repair or refurbish Apple phones to bypass the Activation Lock, and many phones in good working condition have been destroyed when they could have been reused.
iOS experts believe that while some users may have legitimate reasons for using such a service, it’s likely still being used to remove protections from stolen smartphones. The group is using checkra1n, which is a jailbreaking tool, with an exploit called checkm8. According to the checkm8.info website, the service will only work for iOS versions 12 through 14.8.1. This includes devices up to the iPhone X.
Newer iPhones don’t contain the same bootroom code exploit that previous phones have.
Once a user downloads, installs and opens the tool, they can plug the device they want to unlock into their computer. In order to complete the process, a user has to buy a license at $69.99 (now $49.99) per license. The group’s reseller program allows vendors to buy licenses in bulk.
There’s some criticism surrounding Apple’s strict policy regarding locking devices and accounts under their jurisdiction. The company’s policies can make it difficult for regular users who may have gotten their accounts locked to unlock them again.
While it’s unclear which, if any, groups or users are using this service for nefarious purposes, it’s wise to keep your devices in a well-known spot, or wipe your devices before selling or trading them in.
Sign up to our mailing list to receive more IT related educational information: