Two hackers who call themselves AquaXetine and MerrukTechnolog have released information about a hack that can allegedly be used to bypass Apple’s tight iCloud activation mechanism. The surprisingly simple trick allows stolen iOS devices to be unlocked even if their owners have used the iCloud remote lock feature, which was designed to make iPhones, iPads and iPods less attractive to thieves.
The so-called “doulCi” hack relies on a man-in-the-middle spoofing technique to make Apple devices believe they have connected to a legitimate iCloud server when in fact the activation traffic has been diverted to doulCi itself. The duo behind the hack claim to be able to activate thousands of formerly bricked devices per minute. Twitter feeds belonging to both AquaXetine and MerrukTechnolog are overrun with photos of devices and screenshots of the hack allegedly in action, as well as retweets by people around the world purporting to be evidence that it works.
All a user has to do is modify the hosts file on his or her PC or Mac. The hosts file maps hostnames to IP addresses and is consulted before DNS, so an entry there can silently send traffic for a given hostname to any address. When the user then runs iTunes, it will detect the plugged-in device and automatically transmit an activation request, which the modified hosts file reroutes to doulCi. The device is then purportedly activated without any further action on the user’s part. The team claims that work is in progress to ensure that all iPhone, iPad and iPod models are supported. The exact line that needs to be added to the hosts file is not published.
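As an added, defensive illustration (not code from the article or from the doulCi authors): a small hosts-file audit that flags entries pinning Apple or iCloud hostnames to a fixed address, which is exactly the kind of override the redirection described above depends on. The watched domain suffixes, the file paths and the sample entry are assumptions; the article does not publish the real hostname that doulCi redirects.

```python
import ipaddress

# Assumption: Apple's activation and iCloud endpoints live under these domains.
WATCHED_SUFFIXES = ("apple.com", "icloud.com")

# Assumption: default hosts-file locations on macOS/Linux and Windows.
HOSTS_PATHS = ("/etc/hosts", r"C:\Windows\System32\drivers\etc\hosts")


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, ignoring comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        parts = line.split()
        if len(parts) < 2:
            continue                          # blank, comment-only or malformed
        ip, names = parts[0], parts[1:]
        for name in names:                    # one line may list several names
            yield ip, name.lower()


def find_overrides(text, suffixes=WATCHED_SUFFIXES):
    """Return hosts entries that pin a watched hostname to a fixed address."""
    findings = []
    for ip, name in parse_hosts(text):
        if not any(name == s or name.endswith("." + s) for s in suffixes):
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue                          # not a usable address, not an override
        # A remote (non-loopback) pin is the redirection case; loopback just blocks.
        findings.append({"host": name, "ip": ip, "loopback": addr.is_loopback})
    return findings


def scan_hosts_file(path):
    """Audit a hosts file on disk; returns [] if the file is absent."""
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return find_overrides(fh.read())
    except OSError:
        return []


# Constructed sample: a normal localhost entry plus one override of a
# placeholder iCloud hostname pointing at a documentation-range address.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost
# comment line
203.0.113.10  placeholder.icloud.com   # placeholder, not a real host
"""

if __name__ == "__main__":
    for f in find_overrides(SAMPLE_HOSTS):
        print(f"{f['host']} -> {f['ip']} (loopback={f['loopback']})")
```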
The duo, one Dutch and the other Moroccan, have also put up a website with details of how the hack works and multiple disclaimers that it should only be used by legitimate owners of devices who “have lost/got hacked or forgot there [sic] login info”. They describe doulCi as “the world’s first alternative iCloud server”.
The Hacker News cites a report in Dutch newspaper De Telegraaf, which says the duo bought a number of stolen iOS devices for between $50 and $150 in order to test the exploit. It is unknown whether they can intercept other iCloud traffic such as login credentials, file backups, photos, and iMessages.
Visitors to the website are encouraged to donate to the team via PayPal and Dixipay, with a Bitcoin option listed as “coming soon”. Black market sellers of stolen smartphones could find themselves making extraordinary profits if the alleged hack proves to work flawlessly.
The website goes on to state, “doulCi was built with love for the people, to give them a second chance to get there iDevices working again for simple use,and we have made this project because we are thinking about you and how we can be helpful for you and your family. This amazing tool called doulCi can get bypass the iCloud Activation Lock and get your device working again partially to get back your digital life, contacts, mail, notes, etc… [sic]”.
Apple has faced numerous security-related problems in the past, but its iCloud system has so far been impenetrable. This would be the first exploit of such scale and significance. According to The Hacker News, the duo attempted to contact Apple in the past to report the vulnerability they discovered, but received no response. iOS and iCloud updates since then have not fixed the flaw either. AquaXetine and MerrukTechnolog then reportedly spent five months developing doulCi before taking it public.