IPhone is consider a pain in a*** for thieves to hide it’s easily traceable through Find my IPhone. “Find my Phone” got alot of attention recently, it’s like a Gladiator who is there to fight if in any case, your phone is lost or stolen . The interesting fact is – theft will always find way to trick this guard and walk freely.
Few months back, a bug was discovered which would let users disable “Find my Phone” without proper authentication, and Apple patched it in subsequent version of updates.
Today, in this article, I will discuss a way to disable “Find my Phone” in all versions of iPhone, including upcoming ones.
Let first explain how find my phone works ,
Let’s first explain how Find my Phone works;
The user (presumably one who has lost his/her iPhone) logs into his/her iCloud account and puts the phone in lost mode, with passcode if not already set. The phone, as soon as it is connected to the Internet, will sync iCloud and get locked or even wipe everything to factory default.
More details can be found at Apple Website
The picture below describes a situation where an iPhone user is able to trace his/her phone via Find my Phone.
These are few approaches that can make your Apple devices untraceable (Failing the Find my Phone)
1) Creating a Private DNS Server
This is a very easy approach and works cent per cent of time. What one can do is- setup a custom DNS Server and redirect all iCloud (Or Find my Phone) traffic to itself or somewhere else making *icloud.com unreachable. Once configured, the server’s IP can be assigned to iPhone or the Gateway (Router).
One can assign the DNS Server IP to his/her Gateway router and connect the iPhone. This way, s/he can use the phone without being worried about getting the phone locked or wiped out or being traced remotely.
In Jailbroken iPhones, hosts file can be modified to block communications from or to iCloud- without the use of private DNS Server. For Cellular usage, a VPN can be configured to use this DNS instead of default ones.
Fig:Method of Communication between ICloud and Lost IPhone
Fig: Using private DNS to prevent any communication between Icloud and phone .
This is a hard to patch bug for everyone, and Apple is no exception. Hard-coding IP will also not work, we can blacklist the hard-coded IP in our gateway to bypass it. If there’s any way to patch it, please feel free to mention me at @N_Cnew
2) Setting up a proxy and passing all traffic through it, but dropping iCloud traffic will make your phone offline for iCloud.
Here, I intercept iCloud traffic using BurpSuite; however, it requires installing a CA Certificate to be able to intercept HTTPS traffic.
I tried to put my iPhone in Lost Mode from iCloud- placing a new passcode along with a warning message and phone number to show in the message box. iCloud sends all these information when syncing with my iPhone, which I was able to intercept as shown in figure below.
Even worse is that many of us use same pin code for our other devices , if the pass-code is same for other devices that lucky day for theft. Many further information can be gain from the traffic which owner is send from Icloud and theft is reading it .
Apple’s protection to stop this all
PassCode Lock & Finger Print Lock
PassCode lock can be considered a good method to protect from all these to some extent. Fingerprint Lock is considered more secure but it requires a backup pin/passcode. Still, there exists some probability of getting the fingerprint of the owner from his/her iPhone. Jan Krissler old cliché of security researchers copy finger print of a minister from a photo. According to his research, it was found that a lot of people use commonly used passcodes, which are very easy to guess. Devices like IP Box are available in market which can be used to crack iPhone passcode.
Mistakes people make that lead to iCloud account take over;
1) iCloud email is setup in MAILBox of iPhone or iPad. Often, people don’t change their email’s password as soon as it is lost. In such cases, the email can be used to reset their iCloud password.
2) Many people don’t set passcode in their iPhone, and those who does mostly choose common passcode (eg. 0852,12345,147258,2580 etc.).
3)Many do not turn ON Find my Phone.(Case: I asked one of my friends why he doesn’t turn Find my Phone on, he replied that it consumes his cellular data, so he turned it off. I had nothing to reply.)]
If iCloud associated email has been added in MailBox, and if thieves can get access to that email box than they can request password reset for iCloud in that mail box and get into your iCloud account. Once they are in, there’s a lot one can do, such as turning OFF Find my Phone.
Also they can lock all your other Apple devices having the same apple id, the most scary case.