
News + Trends
Checkm8: New vulnerability found in iPhones - Apple powerless
by Livia Gamper
iOS 13 and the new MacOS have made Apple devices even less attractive to thieves. You can now track or lock your lost iPhone, iPad, or Mac thanks to other users.
Apple and Android have had a function to track, delete or lock lost devices for quite some time. With iOS 13 and MacOS Catalina 10.15, Apple has added a brilliant new feature.
Let’s get this straight: the Activation Lock isn't the same as the passcode that you've hopefully set.
The problem is that devices which are only protected with a passcode can be reset to the factory settings with a hard reset. In this case, all data will be lost. This keeps others from getting at your private information, but it also erases everything else that’s on your smartphone, tablet or notebook.
Activation Lock, however, locks devices completely. If they are linked to Apple's iCloud via the «Find my» function, they cannot be reset to factory settings and they can only be unlocked entering your Apple ID and password.
The countless websites, tools and YouTube videos, which allegedly help to remove the Activation Lock don't work for up-to-date operating systems. Such a device is useless to any thief.
iOS 13 and MacOS 10.15 make it possible to track or set an Activation Lock on a lost iPhone, iPad, Apple Watch or Mac from another Apple device.
This even works if your device isn’t connected to the mobile network or a WLAN. Apple uses small data packs («payload») for this function, which are sent via Bluetooth when connection requests are made. Here's the full presentation at WWDC 2019 (from 1:51:25).
This means that if you leave your iPhone in a bar or your MacBook is stolen from your bag at the airport, nearby Apple users can act as accomplices to track your device. You will need at least two Apple devices and the «Find my» function needs to be activated on all of them.
This is how it works:
The only conceivable chance for a tech-savvy thief of your iPhone or iPad is to find an omnipotent jailbreak. Yet, the recently released exploit for iOS devices checkm8 doesn't help thieves: this bug requires local access to a Mac that your iPhone already trusts.
If you've forgotten all passwords or bought a second-hand device by legal means, there's also an official way: Apple itself has a master key for all devices and can unlock devices with Activation Lock. This requires an appointment in the Apple shop and proof of purchase – otherwise Apple can't do anything.
A really smart move by Apple. Take that, thief!
By the way: Apple didn't invent this; there are several Bluetooth trackers that have a community function. Tile finders, for example, are available in our shop.
I'm the master tamer at the flea circus that is the editorial team, a nine-to-five writer and 24/7 dad. Technology, computers and hi-fi make me tick. On top of that, I’m a rain-or-shine cyclist and generally in a good mood.