iOS bug lets attackers disable Find My iPhone
With last year’s launch of the Android Device Manager, Google took some important steps to bring new security features to its platform, helping users both locate missing hardware, as well as protect the data on that hardware from falling into the wrong hands. For Apple fans, though, this was all old hat, as iOS has offered its own Find My iPhone (or iPad, or Mac) service for years now. Being around for as long as it has, iOS users have learned to put a lot of faith in it, but that may be something they want to reconsider, with the discovery of an attack that lets a malicious user disable Find My iPhone without needing a password.
In order to take advantage of this, the attacker needs to have access to your unlocked iPhone, not protected by Touch ID or with a passcode – maybe if you left your phone on a table and turned your back for just a moment – but once he has his hands on your phone he’ll be able to disable the Find My iPhone tracking without separately needing your Apple account password, thanks to this glitch.
The ability to block the attack by securing your device with a passcode or Touch ID certainly mitigates its impact, but this is still an embarrassing development. Reportedly, the current iOS 7.1 beta doesn’t fall victim to the same attack (the steps of which are detailed in the video below), so Apple seems to be aware of what’s happening, but currently available public iOS releases are still vulnerable.