Apple is late to respond to the discovery of the flaw, iOS 7.1.2 likely on the way
Hacking team doulCi, comprised of MerrukTechnolog & AquaXetine, have managed to bypass Apple’s iCloud Activation Lock failsafe, allowing users with locked devices to get them up and running again. The news may sound good at first, but their hack actually circumvents a security measure meant to thwart iPhone thefts.doulCi (which is actually an anagram of iCloud) is where people with locked iDevices can go and have them freed in seconds.
The doulCi site explains every step of the process, with the hacker duo noting in black over white that “doulCi was built with love for the people, to give them a second chance to get there [sic] iDevices working again for simple use,and we have made this project because we are thinking about you and how we can be helpful for you and your family.”
However, the hack indirectly also allows iPhone and iPad thieves to get their stolen goods up and running again, essentially making these devices sellable on the black market.
“This amazing tool called doulCi can get bypass the iCloud Activation Lock and get your device working again partially to get back your digital life, contacts, mail, notes, etc.,” the team confirms.
MerrukTechnolog & AquaXetine clarify that “doulCi is built only for personal use, and conditionally for the original owners which have lost/got hacked or forgot there login info.” Of course, that’s not going to stop criminals from using the tool to turn a profit selling stolen iDevices. The hackers also credit PilzXtac as their “partner in crime.”
To their credit, the duo claim to have tipped Apple off regarding the discovery of their flaw in iOS/iCloud. Apple, in typical manner, was late to answer and has yet to close the hole.
“They have asked me to contact [them] as quickly as possible, but why now?” AquaXetine told Cult of Mac. “I’ve already warned Apple couple months ago.”
The Mac-centric site asked security researcher and iOS hacker Steven De Franco for his take on the vulnerability. De Franco described it as a “man-in-the-middle attack,” adding that “It seems like it’s a firmware related bug. So it would require a new update [from Apple] to patch it.”
In other words, expect iOS 7.1.2 to drop fairly soon (now that the word is out) and for those of you stuck with locked devices, now’s your chance to free them and make them usable again. See the doulCi site for more information.