iOS 7 Bug Turns Off Find My iPhone And Bypasses Activation Lock
Apple builds in security features and the ability to track a lost or stolen iPhone into the iOS 7 and higher operating system. Those features allow a user to track their smartphone if it is lost or stolen and prevent someone from being able to remove the iCloud account tied to the device and avoid tracking. The problem is that an easy to exploit security issue in iOS 7 and higher has been found that makes bypassing those features easy.
A video has turned up outlining how to go about removing the ability to be tracked via Find my iPhone and remove the iCloud account tied to an iPhone. The exploit involves hitting the "delete account" and the toggle to turn off Find my iPhone at the same time. According to reports, hitting those two buttons at the same time is the hardest part of this exploit.
The person trying to turn off the security features will then be prompted for a password. When that prompt is seen, the nefarious user turns off the phone by holding the power button. Once the phone is restarted, the iCloud account will be able to be removed without being prompted for a password.
Once the iCloud account is removed, the person can restore the iPhone and Activation Lock won't be activated because that feature needs Find My iPhone to be enabled. The only fix for this issue until Apple patches it is to put a pass code onto your phone that keeps people from getting into settings. The catch with a pass code for many people is that it gets annoying having to enter the pass code if you get into your phone frequently. Check out the video to see the security exploit in action.
SOURCE: 9to5Mac