iOS 7.1 bug allows disabling of Find My iPhone without a password

BY Gautam Prabhu

Published 3 Apr 2014

findmyiphone

Apple introduced Activation Lock in iOS 7 that ties your iPhone, iPad or iPod touch with your Apple ID so that if your phone gets stolen, the thief has to know your login credentials to turn off Find My iPhone or erase the phone to factory state.

A bug in iOS 7 allowed users to disable Find My iPhone without entering a password. Apple promptly fixed it in iOS 7.1, however a user has discovered another bug in iOS 7.1 that could allow an someone to disable Find My iPhone. In fact, it seems a lot easier to disable Apple’s theft prevention feature.

Mike Beasley of 9to5Mac who first reported the issue explains how it works:

You first need to tap both “delete account” and the switch to disable Find My iPhone at the same time in the iCloud settings panel. That’s actually the hardest part of the entire process. When prompted for a password, hold down the power button and shut down the phone. 

When you restart the phone, you’ll be able to go into the iCloud settings panel and remove the account without being prompted for your password. After that you can plug the phone into iTunes and restore it with no problem. Not only that, but because Activation Lock requires Find My iPhone to be enabled, that feature won’t kick in after the phone is restored.

User Michael Alvarado who reported the issue to 9to5Mac demonstrating how it works in the video below:

While someone still needs to have access to your iPhone to be able to disable Find my iPhone, it is still embarrassing from Apple’s point of view to see someone figure out another way to disable the anti-theft feature, which ideally should be fool proof.