In a novel melding of physical and cybercrime, hackers, thieves, and even independent repair companies are finding ways to "unlock iCloud" from iPhones.
In spring 2017, a teenager walked up behind a woman leaving the Metro in Northeast Washington, DC, and put her in a chokehold: "Be quiet," he said. And "delete your iCloud." He grabbed her iPhone 6S and ran away.
Last month, there was a string of similar muggings in Philadelphia. In each of these muggings, the perpetrator allegedly held the victim up at gunpoint, demanded that they pull out their iPhone, and gave them instructions: Disable “Find My iPhone,” and log out of iCloud.
In 2013, Apple introduced a security feature designed to make iPhones less valuable targets to would-be thieves. An iPhone can only be associated with one iCloud account, meaning that, in order to sell it to someone else (or in order for a stolen phone to be used by someone new), that account needs to be removed from the phone altogether. A stolen iPhone that is still attached to the original owner's iCloud account is worthless for personal use or reselling purposes (unless you strip it for parts), because at any point the original owner can remotely lock the phone and find its location with Find My iPhone. Without the owner's password, the original owner's account can't be unlinked from the phone and the device can't be factory reset. This security feature explains why some muggers have been demanding passwords from their victims.
The iCloud security feature has likely cut down on the number of iPhones that have been stolen, but enterprising criminals have found ways to remove iCloud in order to resell devices. To do this, they phish the phone’s original owners, or scam employees at Apple Stores, which have the ability to override iCloud locks. Thieves, coders, and hackers participate in an underground industry designed to remove a user’s iCloud account from a phone so that it can then be resold.