Criminals use several methods to unlock stolen iCloud-locked devices.
Back in 2013, Apple implemented a security feature in the iPhone designed to make the device unattractive to thieves. Since an iPhone can only be associated with one iCloud account, it must be completely deleted for a criminal to sell it, and this cannot be done without an iCloud password. Without a password, you can't roll back your iPhone to factory settings either.
As long as the iCloud account is valid, the current owner of the device can remotely lock it and locate it using the Find My iPhone feature. It turns out that a stolen iPhone tied to the iCloud of its real owner is useless for thieves (they can only sell parts).
The above security feature did help reduce theft, but enterprising criminals have learned to bypass it, writes Motherboard. Thieves, programmers and hackers have joined forces to find ways to bypass iCloud lock and successfully sell stolen iPhones.
The scheme, dubbed iCloud unlock, uses fake receipts and invoices to convince Apple that the thief is the rightful owner of iCloud, smartphone databases and social engineering in Apple Stores.
To remove iCloud, criminals either get a password from the victim himself (using phishing) or trick an Apple Store employee into unlocking a stolen device. The third option is rare and consists in removing the device's central processor from the motherboard and reprogramming. In some cases, thieves even force the victims themselves to delete their iCloud accounts, threatening them with physical harm.
There are even specialized communities of hackers in instant messengers that are engaged in unlocking iPhones for the purpose of their further sale. They exchange experiences and publish screenshots of successful hacks. Some hackers are working on dozens of devices at the same time.
