The underground company that hacks iPhones for ordinary consumers

0
59

“Activation Lock”, a message displayed on the iPhone screen read. “This iPhone is linked to an Apple ID. Enter the Apple ID and password that was used to set up this iPhone.

This lock essentially turns iPhones into very expensive clipboards until the owner enters the requested credentials. This feature is designed to prevent anyone from using the phone if it is lost, or thieves from making money by reselling a stolen device. In part, Activation Lock is intended to make iPhones less attractive to thieves because stolen devices cannot be used.

Now, an underground group is offering people a way to remove this lock from certain iPhones with their pay-for-hacking service. iOS security experts suspect that it is used to remove protections from stolen iPhones. The hacking group called Checkm8.info offering the service, which takes its name from a popular free jailbreak, insists its tool cannot be used by thieves.

“Our focus is on the ability to repair electronics because it’s the key to saving resources, fighting e-waste and environmental damage,” the Checkm8.info admin told Motherboard in an email. Motherboard previously wrote about how criminals used phishing emails to grab login credentials needed to remove Activation Lock. Checkm8.info provides a much simpler method and seems to streamline what is usually a complicated process into one that non-technical users can follow. Checkm8.info is right in that activation lock can be frustrating for iPhone repair professionals, e-waste facilities, and refurbishers, and has resulted in many phones being shredded or destroyed in perfect condition obtained by legal means. A user of the Checkm8.info site told Motherboard that he uses the service as part of his legal business of reselling phones.

Do you have more information on criminals using Activation Lock Bypass Tools? We would love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on [email protected]or email [email protected].

Under the hood, Checkm8.info uses checkra1n, an open-source jailbreak tool released in 2019. Checkra1n uses an exploit called checkm8 written by the developer known as Axi0mX.

“I don’t like it, but I don’t know what I can do about it,” Axi0mX said in an online chat on the checkm8.info service. “Anyway, I don’t support the practice and the checkra1n jailbreak and checkra1n team either.”

Checkm8.info only works for devices running iOS versions 12 to 14.8.1, according to the checkm8.info website. This is because checkm8 only works on older iPhone devices, up to the iPhone X, because it leverages an older version of the iPhone bootrom, the first code an iPhone runs when it turns on. New iPhones have updated bootrom code which is not vulnerable to checkm8.

See also  How businesses benefit from cybersecurity solutions MTN Business

Activation Lock is enabled on an Apple device when the user sets up Find My, the Apple service that allows users to track the location of their iPhone, Mac, or Apple Watch. After that, anyone who wants to erase or reactivate the device, which would be vital for resellers, must enter the corresponding Apple ID password.

A video on the checkm8.info website shows how simple the process of using the checkm8.info tool is. A user downloads the software, installs it, opens it, and then plugs their target device into their Mac or PC.

“Prepare for jailbreak!” the video’s narrator says at one point. The video then shows the checkra1n jailbreak running on a device.

Normally, if a user ran the checkra1n jailbreak themselves, that would be the end of the process. But checkm8, info, in its mission to co-opt freeware and make a profit, then asks users to purchase a license to complete the hack. The site charges $69.99 per license, according to the video. In Motherboard’s own tests, the price has been reduced and the organization is now asking for a payment of $49.99.

“Done! You have successfully bypassed iCloud Activation Lock on your device,” the narrator adds.

The admin told Motherboard in an email that they sell 30-150 licenses per month, which is between $2,100 and $10,500.

Checkm8.info has a few apparent competitors that also offer similar services, such as Minacriss and iRemoval PRO. A message on iRemoval PRO’s Telegram channel also mentions the use of the checkm8 exploit.

Checkm8.info also offers a service which it describes as “Bypass iPhone Passcode”. However, this service is not a tool similar to established iPhone unlocking services such as Cellebrite and GrayShift. “This service restores the device to factory settings and activates it as a new device using an activation ticket saved from the system. So basically this method has nothing to do with brute forcing or leaking user data. The passphrase is a common name used by other tools for this service, so we decided to give it the same name,” the admin of checkm8.info at Motherboard.

Checkm8.info also offers a reseller program where vendors can sign up to purchase checkm8.info licenses in bulk, perhaps for their own large-scale unlocking service.

Kevin Flash runs a company called SellLocked that buys iPhones with activation locks. For example, SellLocked.com offers $25 for a TAUT iPhone X with activation lock, according to a quote generated by the site. Flash told Motherboard in a Facebook post that he used checkm8.info to remove the lock and then resold the now working phone. He said that once a phone has activated Activation Lock and someone can’t remove it for some reason, “so many Apple products become literal garbage other than a few key things.”

See also  Assaults on abortion clinics, patients up 128% in 2021: report

“The waste is just astronomical,” he added. In a Facebook post, Flash said it used checkm8.info on 30 iPhone Xs.

OkemoZurs, an Apple device collector, told Motherboard that he had used a similar service to checkm8.info with success. “I actually used something using the same technique as on some locked iCloud [Activation Lock] devices before,” he said.

Users of the checkm8.info Discord server claim they want to use the tool for things like removing the lock on a device they purchased.

“I want to bypass the activation lock on a MacBook air 2019 which I bought from an old man for my younger brother. Can I run the checkm8 service application perfectly fine on a virtual machine as I only have a Linux-based PC,” said a user on the checkm8.info Discord server in March.

Motherboard tested the checkm8.info service with a T-Mobile phone reported as stolen. The checkm8.info tool successfully jailbroken the target device, but the part of the program responsible for bypassing the activation lock crashed several times. This may be because the process requires a cell phone signal to complete and T-Mobile has blocked the phone from receiving or sending messages. The process, however, was very quick and could reasonably take place before a victim manages to report their phone as stolen.

Jailbreak developer checkra1n told Motherboard, “I think there are 2 types of users who are looking for this type of service: (1) Those who steal phones because they know they can temporarily unlock them and set them up for sale and (2) users who were scammed and purchased a stolen device that was locked or later locked.

The checkm8.info admin added, “I personally consider Apple to be too strict with their vendor lockout policy. If you check Apple’s niche forums on the web, there are tons of complaints from users whose accounts have been locked for many different reasons and are unable to access them or recover passwords. lost passwords for their accounts.

Members of the jailbreak and iPhone security research community are convinced that the service is for illegal purposes – to unlock stolen iPhones. Axi0mX, the developer of checkm8 exploittold Motherboard in an online chat that services that bypass activation lock would be useful for unlocking stolen phones.

See also  Åland opens its first visitor center

“I’m disappointed to see that (for most of them) the checkera1n [sic] the team’s efforts have been abused to provide such services,” a security researcher specializing in iOS hacking, who asked to remain anonymous because he was not authorized to speak to the press, told Motherboard. . “I’m just an enthusiastic user of checkra1n. What I find upsetting is that people are using a research tool to create software that might help the iPhone theft industry, and the fact that they’re making money from free labor broadcast.

The checkm8.info admin behind checkm8.info said that the service does not cover stolen devices. They said the service uses an API from the GSMA, the wireless industry’s trade body, to check if a device has been “blacklisted,” which can mean the device has been lost or Fly. This is an extra protection on top of Apple’s Activation Lock. Network operators and repair companies use this API to check this theft status.

“Protect your reputation by reducing the likelihood of accepting stolen or lost devices,” the GSMA website says in a section describing how the Device Check service can be used by device recyclers.

The administrator of checkm8.info claimed to have used the GSMA tool to spot stolen devices and prevent them from using the jailbreak.

“We also deny such devices in our system,” they wrote in an email.

However, this API would only work if the victim reported that their device was stolen. When a consumer reports their device stolen, their carrier marks the IMEI, a unique identification code, as belonging to a stolen device. But if a consumer doesn’t self-report the phone as stolen, there may still be a window for a thief to deploy checkm8.info against a phone that had only Activation Lock enabled.

The GSMA declined to comment on the case. T-Mobile told Motherboard that it reports stolen devices to the GSMA database.

At least some Apple employees are familiar with the Checkm8.info service. A Product Security employee at Apple follows the group on Twitter. Twitter briefly suspended checkm8.info’s account in April, but the account is back online at the time of writing.

Apple declined to comment.

Subscribe to our cybersecurity podcast, CYBER. Subscribe to our new Twitch channel.

The post The Underground Company That Hacks iPhones for Ordinary Consumers appeared first on VICE.

LEAVE A REPLY

Please enter your comment!
Please enter your name here