An exploit found in the most recent version of iOS 7 allegedly allows would-be thieves to easily—and I mean easily—disable Find My iPhone, no password necessary. The potential flaw would be huge because Apple’s system is in place as a theft deterrent (among other things)—without the function turned on, tracking down a lost iPhone is nigh impossible unless you’re Sherlock Holmes. It’s kind of astonishing how incredibly easy it is to bypass the feature.
As detailed by Bradley Williams (video below), via MacRumors, the method involves a few simple steps, and requires very little expertise. As it stands, when you try to turn Find My iPhone off, a password is needed to disable the function—probably not information a thief would have. But making a few simple changes to your iCloud account completely negates the security Apple has in place.
When you jump into your account, change your iCloud password to any combination of characters, and hit done. The software will then alert you that your username and password is incorrect. Hit OK, and go back to the main iCloud menu by pressing cancel. Jump back into your iCloud account, and under description, delete whatever name you have in place (probably just “iCloud”), and leave it blank. Hit done, and you’ll be taken to the main iCloud menu. Scroll down, and Find My iPhone will be off.
See? Astonishingly easy, and pretty mind blowing. However, while Find My iPhone can be disabled and, without iCloud information, the device erased, Apple’s Activation Lock system will still be intact. If a device is erased, it’ll remain locked to the original account until that Apple ID information is properly entered during the setup process.
The easiest way to stop thieves in their tracks is to implement a passcode or use Touch ID; this exploit relies on a phone already being unlocked. Apple hasn’t commented on the exploit, but hopefully we’ll see a fix promptly developed for iOS 7.1 – during testing MacRumors said it could not duplicate the exploit on a device running the beta version of 7.1 – which we’re expecting to hit consumer devices soon.