A Dutch-Moroccan team of hackers calling itself "Team DoulCi" have reportedly claimed to hack a protective feature on Apple's iCloud system, that could leverage an attacker to remove security measures on lost or stolen iPhone devices.
According to a report from Dutch news organization De Telegraaf, the hackers purchased locked iPhone devices for $50 to $150 each and then bypassed Apple's iCloud activation lock through a serious security vulnerability Apple has failed to patch with its most recent updates.
The critical vulnerability in the Apple's iCloud allowed them to unlock stolen iPhones in an instant, which could then be sold for a large profit in the Blackmarket. This is the first time when any hacker group has managed to compromise the highly secured Apple's iCloud service.
iCloud is a cloud storage and cloud computing service provided by the Apple Inc. to its users since October 2011 with more than 320 million users across the world. The service allows users to store and back-up data such as music, photos, applications, documents, bookmarks, reminders, backups, notes, iBooks, and contacts, and provides a platform for Apple's email servers and calendars.
The Dutch hacker go by the name AquaXetine and Moroccan hacker with the name Merruktechnolog, claim to have unlocked more than 30,000 stolen iPhone devices in the last few days.
In order to unlock those locked iPhones, the hackers use Man-in-the-Middle attack and tricked the iPhone apps into connecting with their server masquerading as an actual Apple server that's used to activate Apple devices. Once connected to the hackers server, it will instruct the iPhone devices to unlock.
Security experts believed that with the use of this vulnerability, the hackers could do much more than just unlock the stolen devices. They believe it might be possible that the hackers can instruct the devices to read iMessages and even pull information including AppleID credentials.
It took the hackers five months to breach Apple's iCloud system and a Twitter account that may be linked to the same 'Doulci hacker' group, yesterday posted a tweet which claims that the group have "processed" more than 5,700 Apple devices in just five minutes using the hack.
With the good intentions and just to be on a safer side, the group reportedly contacted Apple about this vulnerability back in March, but Apple never responded and remained silent on the matter, which stimulated the hackers to go public with the disclosure. The hackers say they finally decided to approach the Dutch media because Apple has not yet admitted publicly that its system has been compromised.
The pair of hackers are offering unlocking services via doulCi.nl website, according to information found on their website. doulCi is the world's first Alternative iCloud Server, and the world's first iCloud Activation Bypass.