A serious bug that finds "Discover iPhone" function disabled without password entry is found

IOS 7You can remotely locate the iPhone and sound an alarm sound "Find iPhone"Function is installed and it searches by sounding an alarm tone when there is no iPhone on hand, or in case of encountering the theft damage, specify the location of iPhone or use alarm sound instead of alarm I can do it. However, a hacking method has been discovered that can disable this "search for iPhone" function without entering a password and reset the "iCloud account" without entering a password.

IOS 7 Bug Allows Disabling of 'Find My iPhone' Without Password - Mac Rumors

Security flaw in Find My iPhone iCloud Lock BYPASS. Activation Lock Bypass - YouTube

This is the iCloud screen of "iOS 7.0.4".

I will try "Search for iPhone." Click "Play Sound" from the PC ... ...

The iPhone sounded an alarm tone.

To invalidate this "search for iPhone" function ......

In this way, people who do not know the password can not disable this function because you are prompted to enter the password.

Similarly, it is necessary to enter a password to delete an account.

Let's try disabling the function of searching for an iPhone bypassing the password. Tap iCloud.

Tap "Account".

Tap the password entry field ......

Delete the previously entered password.

Enter a random password.

Tap "Done (Completed)".

"User name or password is incorrect" (User name or password is incorrect) appears. Tap "OK" for the time being.

Tap "Cancel" at the top left of the screen.

Tap "Account" again.

Tap "Description".

Delete "iCloud" which is input in advance.

Leave the description blank and tap "Done (Completed)" at the top right of the screen.

Especially you will not be prompted for a password ...

I was able to disable the "Find My iPhone (Find iPhone)" function.

Even if you try to ring the iPhone's alarm again using the iPhone search function ......

"Pending Play Sound (Hold)" is displayed ......

The iPhone's alarm will not sound.

Tap "Delete Account".

Tap "Delete" ...

Without asking for password input ......

I was able to delete account information from iPhone.

By registering new iCloud account information, you can register a new iCloud account on your iPhone.

I actually tried out whether it is possible to delete account information so easily.

I used iPhone 5s version 7.0.4.

Tap "iCloud" in "Settings".

The "Search for iPhone" function is effective, so when trying to invalidate ... ...

Since you are prompted for a password like this, you can not invalidate it unless you know the password.

Let's execute an invalidation bug. Tap "Account" on the iCloud screen.

Remove password once.

Enter a random password and tap "Done".

Tap "OK".

Tap "Account" again.

"ICloud" in the explanation column ......

Leave blank and tap "Done".

Scroll down as you return to the setting screen ......

The "Search for iPhone" function still remains valid.

Restart the iPhone here and once again go to "Settings" → "iCloud" ......

The "Search for iPhone" function was disabled.

Tap Delete account.

Tap "Delete account" ......

Tap "iCloud" as it returns to the setting screen.

A new iCloud setting screen appears. I was able to delete iCloud account information from iPhone.

Although the procedure was slightly different from the published movie, it was easy to invalidate "Find iPhone" and delete "iCloud" account information.

A bug that invalidates the "Find iPhone" function and delete "iCloud" account information without the password being found this time is executable in iOS 7 version 7.0.4. Of course, this hack technique is impossible unless you log in to the iPhone, so it is a function that can not be used when screen locking is done by fingerprint authentication or password authentication, but if you do not use screen lock you can easily know the password It seems to be said that there is a risk of hacking people who do not.

It is said that these bugs have been fixed in version 7.1 scheduled to appear next to iOS 7, so updating it as soon as version 7.1 is released seems to be good.

11:43 Addendum
By doing the same operation on the version 7.0.4 iPad, you can disable the "Find iPad" function and reset the iPad iCloud account information without entering a password.

in Review,   Mobile,   Software,   Hardware,   Video, Posted by darkhorse_log