iOS devices have a feature called 'Find My iPhone', allows device owner to locate their stolen devices using linked Apple ID with iCloud Account.
Unfortunately, a security flaw in iOS make it possible to turn off Find My iPhone without a password and enabled thieves to bypass the protection which makes the iPhone untraceable if lost or stolen.
To Set-Up 'Find My iPhone' feature, users need to link their Apple ID with it and this will not only helps in locating the device but also gives permission to its user to remove all the data, drive direction to the lost device, lock the device by a passcode and displays a custom message on the locked screen.
KILL 'Find My iPhone' WITHOUT APPLE PASSWORD
Normally, disabling Find My iPhone requires Apple ID password, but according to the vulnerability reported by Miguel Alvarado, a thief can bypass all of this security feature without knowing your Apple account's password.
In a video demonstration on iOS 7, he explained that just by tapping the "Delete Account" in the iCloud settings panel and switch the "Find My iPhone" to off mode simultaneously, one can easily remove the iCloud account without any password authentication.
But doing so is not that much easy as it actually looks, a novice has to perform this a number of times to get this done.
After Doing so, just connect the hacked iPhone with your computer and use iTunes software to restore the smartphone's Data.
Similar flaw was disclosed in February this year allows anyone to disable 'Find My iPhone' on iOS 7.0.4 devices.
Similar flaw was disclosed in February this year allows anyone to disable 'Find My iPhone' on iOS 7.0.4 devices.
HOW TO PROTECT YOUR iPHONE
The the vulnerability is totally irrelevant if you have a passcode on your iPhone. Apple will release a fix as soon as possible, until then users are advised to keep a secure passcode with a very short timer, that prevents anyone from getting into the iCloud settings at all.