How to protect yourself from the iOS 7 ‘Find My iPhone’ security flaw


To beef up security in iOS 7, Apple made it so that if you want to delete an iCloud account or restore your device, you must first disable the Find My iPhone feature. And to turn that feature off, you need to enter the password for your Apple ID. Unfortunately, YouTube user Miguel Alvarado discovered that a security flaw, which enables you to disable Find My iPhone and bypass Activation Lock without a password, still exists in iOS 7.1.

In the iCloud settings panel, you need to tap “delete account” and the toggle for Find My iPhone at the same time. You then need to power down the iPhone, and when it turns back on, you can go back into the iCloud settings panel and remove the password without a prompt to type in your password. This allows you to connect the iPhone to iTunes and, from there, fully restore it.

There are a few things for thieves to take into account. For one, restoring the iPhone does not remove the IMEI attached to it. As such, the handset can still be blacklisted, turning it into nothing more than a brick. In addition, your mileage may vary. While we’ve been able to replicate the initial steps, we were still prompted to type in the password. Older iPhone 4 and 4S devices are more likely to succumb to this issue.

Even so, this is still a major security flaw that doesn’t seem to be new, making matters somewhat worse.

Thankfully, there is an easy way to prevent this from happening: put a passcode on your iPhone and, if you have an iPhone 5S, enable Touch ID. While it seems annoying to constantly type your passcode whenever you want to access your phone, it’s something that adds a necessary security layer to your iPhone. We haven’t been able to replicate this issue on newer iPhones either, so upgrading to an iPhone 5, 5C, or 5S helps.
