Click to Skip Ad
Closing in...

This huge iOS 7 security flaw makes it impossible to recover your stolen iPhone

Updated Apr 3rd, 2014 11:29AM EDT
iOS 7 Security Flaw

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Owners of Apple’s iPhone have the dubious honor of possessing one of thieves’ most sought-after gadgets. In fact, the New York Police Department recently pointed out that thefts of Apple devices were largely responsible for the rise in crime last year. With that in mind, it’s easy to see why lost and stolen device recovery systems such as Apple’s Find My iPhone are hugely important, and we have read several stories about such mechanisms helping people recover their lost devices. But what happens when systems like Find My iPhone can be removed from a stolen iPhone in mere minutes?

A massive security flaw has been discovered in iOS 7 and iOS 7.1 that makes it impossible to recover stolen iPhones.

YouTube user Miguel Alvarado posted a video picked up by 9to5Mac that shows how the flaw works.

Basically, the thief merely has to tap on the toggle next to Find My iPhone and the Delete Account button in iCloud settings at the same time, and then power down the phone. When the phone is turned back on, the thief will be able to remove the iPhone’s associated iCloud account without having to enter a password.

The phone can then be plugged into iTunes, wiped clean and restored without issue.

An important note: The thief needs access to the device’s settings in order to exploit this flaw, so this is yet another reminder of just how important protecting your device with a PIN code, password or TouchID really is.

This isn’t the first time flaws that might prevent people from recovering stolen iPhones have been discovered. Late last year, for example, news spread of an Apple omission that could let thieves easily prevent Find My iPhone from operating unless the iPhone owner manually disabled a default Control Panel feature.

The video showing exactly how this new, far more serious flaw works is embedded below.

Zach Epstein
Zach Epstein Executive Editor

Zach Epstein has been the Executive Editor at BGR for more than 15 years. He manages BGR’s editorial team and ensures that best practices are adhered to. He also oversees the Ecommerce team and directs the daily flow of all content. Zach first joined BGR in 2007 as a Staff Writer covering business, technology, and entertainment.

His work has been quoted by countless top news organizations, and he was recently named one of the world's top 10 “power mobile influencers” by Forbes. Prior to BGR, Zach worked as an executive in marketing and business development with two private telcos.