iOS 7 bug found, allows you to bypass Activation Lock and switch off Find My iPhone without password

Within iOS 7, to delete an iCloud account requires you to have Find My iPhone disabled. And, if you need to change any settings for Find My iPhone, you need to log in using your Apple ID and password. The whole reason for this security is so that no one can grab your iPhone and switch off the location service, in order that you can track it, disable it or set off an audible alert remotely.

But there is a way around it, as discovered by an iPhone user who uploaded the video above to his channel (via 9to5Mac). In order to bypass the requirement for a password, all that that needs to be done is that you tap “delete account” and disable Find My iPhone using the toggle switch simultaneously. It’s never easy to get right straight away, but it is possible. After doing that, it’ll ask for a password, at which point you shut down the phone. Upon restarting, enter the iCloud settings menu and remove the account without it asking you for a password.

Once you’ve done that you can plug the phone in to iTunes and restore it without any issue. Activation Lock will be disabled since Find My iPhone is switched off, and it’ll be like setting up a new device.

It’s been a while since we’ve seen any security bypass bugs found in iOS, and it’s always pretty intriguing when someone manages to find one. Firstly, you have to wonder how they found it in the first place. But – nevertheless – it’s there, and Apple needs to deal with it. Normally in these cases, Apple addresses it with a delta software update and I can’t imagine it’ll be that long until we see a fix for this.

If you feel like trying it, let us know how it goes. But if it makes you feel uneasy that there’s an easy(ish) bypass out there, just adding a passcode to your phone will stop anyone from getting in to your iCloud settings in the first place.

Via: 9to5Mac

Tags: , , , , , ,