#i #cloud #security
Thieves can disable Find My iPhone and delete your iCloud account thanks to security glitch in iOS 7
Posted: 03 Apr 2014, 11:05. by Alan F.
With iOS 7, the only way to delete an iCloud account or restore a wiped device, is to disable Find My iPhone. And the only way to disable Find My iPhone is to enter your Apple ID password. Apple did this to prevent thieves from avoiding detection from the Find My iPhone application. But it seems that there is a way for the bad guys to bypass this security set-up. Going to the iCloud settings panel, you need to press “delete account” at the same time you click on the switch to disable Find My iPhone. That combination, done at the same time, requires a bit of dexterity, but it can be done.
You then will be prompted to enter a password at which time you hold down the power button and turn off your handset. When you reboot the iPhone, you can then go into the iCloud setting panel and remove the account without being asked for a password. It will then allow anyone to plug the phone into iTunes and restore it with no questions asked. And with Find My iPhone disabled, the Activation Lock will not save you.
We would expect to see Apple working feverishly on a fix for this problem. The last thing you want to happen if your iPhone is stolen is for the thieves to remove your iCloud account, making it much easier for them to find a buyer for the device.