How criminals bypass locks on stolen iPhones

The phishing of iCloud credentials to unlock stolen iPhones is a growing black-market industry.
  • A TrendMicro report released on Tuesday sheds new light on the ways thieves unlock and resell stolen iPhones.
  • Most iPhones are locked by the Find My iPhone app, which locks down the device, making it useless to thieves. However, the lock can be bypassed with sophisticated phishing techniques. Criminals can send out fraudulent emails to collect a victim’s iCloud password and unlock the phone.
  • The victims might receive a fake email or text message, for example, alerting them that their iPhone has been located and asking them to input their password to get it back.
  • There is also a huge industry for iCloud-unlocking services. TrendMicro studied the available toolkits for breaking into iPhones and one of the main tools they found in use is called “FMI.php”.
  • Once victims enter their credentials on the aforementioned phishing page, FMI.php can retrieve the user’s iCloud information such as the cell phone number, passcode length, ID, GPS location, whether the device is locked or not, and if there’s a wipe command in progress.
  • It is also used to delete the device from the victim’s Apple account once it’s been unlocked. Criminals are then notified by email once the victim has been successfully hacked.
  • Similar tools such as MagicApp and AppleKit basically allow thieves to run their own criminal enterprise by automating a lot of the unlocking work. MagicApp, for example, can send “a fake GPS location to deceive the victim into believing their lost phone has been found.” The app offers 50 phishing templates for messages to steal iCloud credentials.
  • “The online tools we’ve seen show how traditional felony and cybercrime can work concertedly—or even strengthen each other—towards bigger payouts for the bad guys,” TrendMicro concludes.
