Owners of Apple’s iPhone have the dubious honor of possessing one of thieves’ most sought-after gadgets. In fact, the New York Police Department recently pointed out that thefts of Apple devices were largely responsible for the rise in crime last year. With that in mind, it’s easy to see why lost and stolen device recovery systems such as Apple’s Find My iPhone are hugely important, and we have read several stories about such mechanisms helping people recover their lost devices. But what happens when systems like Find My iPhone can be removed from a stolen iPhone in mere minutes?
A massive security flaw has been discovered in iOS 7 and iOS 7.1 that makes it impossible to recover stolen iPhones.
YouTube user Miguel Alvarado posted a video picked up by 9to5Mac that shows how the flaw works.
Basically, the thief merely has to tap on the toggle next to Find My iPhone and the Delete Account button in iCloud settings at the same time, and then power down the phone. When the phone is turned back on, the thief will be able to remove the iPhone’s associated iCloud account without having to enter a password.
The phone can then be plugged into iTunes, wiped clean and restored without issue.
An important note: The thief needs access to the device’s settings in order to exploit this flaw, so this is yet another reminder of just how important protecting your device with a PIN code, password or Touch ID really is.
This isn’t the first time flaws that might prevent people from recovering stolen iPhones have been discovered. Late last year, for example, news spread of an Apple omission that could let thieves easily prevent Find My iPhone from operating unless the iPhone owner manually disabled a default Control Panel feature.
The video showing exactly how this new, far more serious flaw works is embedded below.