Hackers Used Activation Lock Website to Verify and Steal Valid Serial Numbers – Could Explain Its Removal
Hackers were apparently able to generate a valid serial number by changing one or two characters in an invalid serial number using the Activation Lock tool. Earlier today, we reported that Apple has removed the Activation Lock status checker from its website. While the company didn’t give any details, it appears that the Activation Lock hack may have been the reason.
Activation Lock hack could be the reason behind its removal
Apple’s Activation Lock site was designed to easily verify a used device using an IMEI or a serial number. This would help users ensure the used iPhone or iPad they were buying wasn’t secured with Activation Lock, helping avoid purchasing a device that was locked to another user. Apparently, this status check page also made it possible for hackers to add in new characters until they found a serial number that worked. Once a hacker manages to get a valid serial number using this Activation Lock hack, they can use it to unlock a previously non-functional or stolen iPhone or iPad.
The latest Activation Lock hack also explains the recent glitches experienced in the past few months by several iPhone and iPad users. “When attempting to activate a new or recently restored device, some iPhone owners have found their devices inexplicably locked to another Apple ID account – one with an unknown name and password,” MacRumors reported. iPhone 6s, 6s Plus, 7, and 7 Plus users have been experiencing this problem since September.
The Cupertino tech giant hasn’t confirmed whether the Activation Lock hack is related to the Apple ID Activation Lock bug. However, since the hack uses a valid serial number – one that already belongs to a legitimate user – it could cause the legitimate devices to be locked out once their serial numbers are used by hackers.
Activation Lock has largely proven to be a successful tool helping users to verify stolen iPhones and thus deterring theft. Activation Lock is also extremely difficult to bypass too, which is why it takes more sophisticated hackers to come up with bypasses. Along with this latest hack, we also saw another Activation Lock hack last year where a researcher showed how it was possible to bypass Activation Lock on an iPad by flooding Wi-Fi logins with long strings while repeatedly opening and closing a Smart Cover.
It is unclear whether Apple will bring back the Activation Lock website after fixing these loopholes.