Skip to Content
Security & privacy

How do crooks break into iCloud-locked iPhones? Let’s take a look

What would you do if you lost your iPhone? Or worse, if it was stolen? The right thing to do is to first use Find My iPhone to try and locate, and in the worst-case scenario, remotely wipe it.

Next, you will probably report the iPhone as lost or stolen to your carrier or Apple to prevent the gadget from being resold. There are serial number blacklist, IMEI locks and more importantly, Apple iCloud account locks that can prevent your phone from being reactivated.

However, despite these activation locks and kill switches that help thwart thieves, there will always be hackers and scammers who will remain one step ahead of the curve. Let’s take a look at their latest techniques.

How do hackers resell stolen iPhones and iPads?

A new extensive report from Motherboard details the various ways hackers can unlock iCloud-locked iPhones and iPads so they can reactivate them and sell them.

See, in 2013, Apple introduced the iCloud locking to iPhones and iPads. This means that only one iCloud account can be associated with an iPhone or iPad and in order to sell it (or give it to someone else), that account has to be completely removed and unlinked from the gadget.

This also means that resetting and reactivating the iCloud-locked iPhone or iPad will require the password of the linked iCloud account. Without this, the gadget can’t be set up as new.

This is why stolen iPhones that are iCloud-locked are almost completely useless and are often sold just for parts. Note: If you see a Craigslist or eBay listing for a cheap iCloud-locked (and IMEI-blocked) iPhone or iPad, stay away! Not only is it useless, but it could also be stolen or lost merchandise.

But as usual, iPhones and iPads will always be hot items and crooks have found ways around this.

Obtain the iCloud account password via phishing or social engineering

One popular method for reactivating iCloud-locked iPhones and iPads is via old-school phishing scams where resellers will try and locate the original owner then trick them into giving up their Apple ID/iCloud password.

Black market Apple gadget resellers apparently rely on special iCloud phishing kits that are easy to use and can be purchased through underground online chats and iPhone hacking message boards.

Based on Motherboard’s investigation, these phishing kits come with pre-designed templates that are designed to fool the victims into thinking that their lost iPhone was found.

For example, a hacker could send out a text message that appears to be from Apple containing a link that’s designed to steal your Apple ID credentials. These kits can even send out a fake map of where the lost iPhone was located to further reinforce the ruse. Tap or click here to see how these fake Apple login pages can clean you out.

But how do these hackers find out about an iPhone’s activation lock status? They reportedly use paid lookup databases that could tell if an iPhone has “Find My iPhone” enabled or if it was already reported lost, stolen, or clean. (Some hackers even claim to have access to Apple’s Global Service Exchange, or GSX, a repair database used by authorized Apple and its service centers.)

With these tricks, once the hackers get the iCloud credentials they need, they can simply enter them on the locked iPhone, clear it out then resell them.

Use fake receipts and trick Apple employees into removing the iCloud lock

Although phishing scams are popular among cybercriminals, they can be hard to pull off and there’s a good chance that tech-savvy users won’t fall for them.

But hackers have another trick up their sleeves — they are going straight to Apple and have the company’s employees do the dirty work themselves!

Using photoshopped fake receipts and invoices, scammers are starting to take locked iPhones to Apple Stores, claim that they have forgotten their iCloud password and have Apple employees unlock the devices for them.

See, according to documents obtained by Motherboard, Apple Stores have an “iCloud Support App” that lets employees check the iCloud status of an iPhone or iPad, and it also allows managers to request the unlocking of the device.

With an authentic-looking receipt and detailed information about the gadget (IMEI number, date of purchase, name on the iCloud account, etc.) obtained from online databases, it’s not hard to see why this method is becoming more popular.

Note: Keep in mind that an iCloud lock is different from your iPhone’s passcode. Your passcode will lock your screen and encrypt your iPhone’s data, while an iCloud lock will prevent it from being reactivated under a different account.

Steal the iPhone with physical threats and force the owner to disable iCloud

While phishing and social engineering scams are devious, at least they don’t cause physical harm. But, it looks like street-level crooks are stepping up their game, and they are now using violent threats to force victims into deleting their iCloud accounts from their iPhones.

Last month, Motherboard notes that there have been reports of iPhone muggings in Philadelphia where the suspects are holding their victims up at gunpoint, demanding that they pull up their iPhones, disable “Find My iPhone” then log out of their iCloud account.

Another case filed in Washington detailed how a teenager placed a woman in a chokehold and asked her to delete her iCloud from her iPhone 6S, then ran away with it.

It’s scary enough that a thief would steal your smartphone right out of your hand while you’re using it, but using violent threats to force you into removing your iCloud account? That’s an entirely new level of hi-tech crime.

Want to learn more about this disturbing trend? Listen to this free Komando podcast and hear Kim talk about it in just a minute.

How to protect your iCloud account

Secure your iCloud Account Password immediately

First order of business, if your iPhone was stolen or lost, change the password of your iCloud account immediately. Even if attackers get a hold of your credentials and try to lock your device, the password will be invalid, foiling the attempt.

Beware of phishing scams

And as usual, beware of phishing scams. Elaborate phishing scams that use fake login pages that look like the real deal are becoming more common.

This is why it’s important to carefully check the addresses or URLs of the websites you visit, especially login pages.

Keep Passwords Separate for Each Account

This is recommended not only for your iCloud account but also for every other online account. Every password is best kept unique, rather than using the same password everywhere. When you use the same password for every account, hackers find it easy to attack you.

If one of your accounts is attacked, chances are the other accounts will not be safe for too long. On the other hand, having unique passwords for each account will keep the other accounts safe even if one of them is compromised.

Here are 5 password mistakes that will likely get you hacked.

Activate Two-Step Authentication

While this can’t stop your lost iPhone from being reset, it does help protect all your data stored in your iCloud account. This includes pictures, emails and contacts.

When you have two-step authentication enabled, Apple will send you a passcode on your device to ensure it was you who requested access and not someone else. Even in the event of someone gaining access to your account, since they do not have passcode access to the data stored they will not be able to access said data.

Note: Although iCloud’s two-step can protect your account, it has one glaring weakness. Tap or click here to read more about it.

Tech smarts in 2 minutes a day

Get my Daily Tech Update and the Digital Life Hack. Just one minute each and arm you with the tech knowledge you need to impress your boss and friends with how smart you are.

LISTEN NOW