this post was submitted on 18 Jun 2023
25 points (80.5% liked)
Apple
17472 readers
163 users here now
Welcome
to the largest Apple community on Lemmy. This is the place where we talk about everything Apple, from iOS to the exciting upcoming Apple Vision Pro. Feel free to join the discussion!
Rules:
- No NSFW Content
- No Hate Speech or Personal Attacks
- No Ads / Spamming
Self promotion is only allowed in the pinned monthly thread
Communities of Interest:
Apple Hardware
Apple TV
Apple Watch
iPad
iPhone
Mac
Vintage Apple
Apple Software
iOS
iPadOS
macOS
tvOS
watchOS
Shortcuts
Xcode
Community banner courtesy of u/Antsomnia.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Any chance of a tl;dw synopsis?
The video takes a long time to say this:
There's a new (and concerning) service known as "Plist FMI off" which appears to be able to unlock an iPhone that would otherwise be locked and useless to thieves.
Disabling iCloud lock / Find My iPhone lock should be something only possible by someone working from inside Apple -- thus implying that there's likely an insider involved in this. Or at the very least, a security flaw in Apple's network that's allowing this to happen.
The Youtuber seems to think that Apple should be forthcoming about declaring this vulnerability exists. IMHO, he is wrong to think that. Declaring the flaw before it's been patched would only create a rash of iPhone thefts.
Ideally, Apple is now aware of this situation, and is doing internal investigations to correct it.
I wouldn’t say an insider is necessary for this to be possible. No software is perfect and there’s a big market for iPhone exploits and plenty of hackers trying to find them.
Hopefully this can be patched in iOS 17 or ideally sooner. Worst case is this uses some form of hardware flaw that can’t be patched.
The exploit would be on Apple’s backend servers rather than on device, with some jailbreaks you can bypass activation lock but your unable to use Apple services or even some functionality such as cellular. For an activation bypass there either needs to be a backend server exploit or an apple employee working with the service.
I can only vouch for Apple certified repair technicians but we need to have the customer provide proof of purchase such as a verified receipt and we can fast track the unlock process by sending it directly to the iCloud support department but we can’t unlock the device in our store and we can’t even take the device in for repair if the customer is unable to prove the device is their own(generally this is just unlocking the device or logging into their iCloud account and checking that the serials match but a original receipt also works)
I used summarize.tech to produce this synopsis:
The video discusses the issue of iCloud unlocking and how it is being used to bypass the activation lock security feature. Despite reports from iPhone repair store owners and anonymous groups of a flaw in Apple's activation server that allows stolen or lost devices to be unlocked, Apple has turned a blind eye and prioritized iPhone sales over security. The video highlights the negative impact of P-List FMI off or token FMI off service on honest phone vendors and local market prices, further questioning Apple's commitment to user security. A YouTuber suggests that individuals should focus on developing valuable skills, and expresses concern about the lack of action from Apple against iCloud unlocking.
Good question. I will always and forever downvote random links to YouTube videos!