Apple's iCloud Activation Bypassed by doulCi Hacking Team - Thousands of Locked iDevices Being Unlocked Per Day
A hacking duo consisting of two well-known Twitter users - MerrukTechnolog and AquaXetine - have released a web-based hack that lets you bypass the iCloud activation process and unlock iPhones and iPads in a few simple steps.
The duo claims that the hack was released "for the people" and to help iDevice owners "get back their digital lives." They also allegedly reported the potential exploit to Apple a couple months ago but received no response.
So How Does the Hack Work?
iPhone or iPad users who can't get into a locked device can now simply connect it to a PC or laptop via USB and then visit doulCi.net to follow the simple instructions and gain access without using any iCloud login credentials.
The hack works by mimicking Apple's authentication servers. Usually when someone types in their iCloud username and password that information is sent to Apple for verification.
However, with a simple modification of the hosts file on the connected computer, the login information can be rerouted to a decoy server that will automatically authenticate and unlock the device.
The hacking duo says that adding a "magic line" to the hosts file and running the iTunes software on the connected computer is all that needs to be done to trick the device into authenticating through one of doulCi's servers instead of Apple's.
The team is calling the new hack "the first iCloud alternative server".
The doulci.net site doesn't look like your average hacker's homepage. It is loaded with professional looking design features and reads more like a sales page, even though the hack is completely free.
Appreciators of doulCi are only encouraged to donate via PayPal or Dixypay (supposedly they'll be taking BitCoin donations soon as well).
Does the doulCi Hack Always Work?
The hack works on most popular iDevices, but the team says that GSM iPads, the iPhone 4s, and the iPhone 5c and 5s are still in the beta testing phase, so there may be some kinks to work out in those devices.
Another issue that has been mentioned on Twitter is that the hack does not allow for the restoration of cell service on all devices. Some users report that doulCi unlocked their iPhone but now they cannot access their cell service, essentially turning the device into a glorified iPod.
However, the doulCi team has responded by stating that a "carrier fix is coming" for those having signal issues.
What Has Apple's Response Been?
Although Apple hasn't yet released an official statement in response to the relatively recent hack, doulCi says that they've been asked to contact Apple as soon as possible, despite the fact that the duo allegedly tried to warn the company about the mistake several months ago.
Apple will most likely soon release a fix for iOS 7, but that will only keep people from using the doulCi hack in the future, it probably won't do anything to re-lock the devices that have already been hacked.
So in a sense, as the doulCi team has implied, it may be too late to fully patch this massive iCloud breach - literally hundreds of thousands of devices are already being unlocked using doulCi every day.
Ethical Hacking or a Gateway for Thieves?
While there are many legitimate iDevice owners who have simply lost/forgotten their credentials or gotten hacked, there are also many stolen devices out there that can now be unlocked and sold on the black market thanks to the new doulCi hack.
In fact, Apple actually implemented iCloud activation feature as a form of anti-theft authentication, to discourage thieves from wanting to steal iDevices.
However, it is debatable whether there are more genuine owners being locked out of their devices than thieves trying to make a quick buck.
Still, in major cities like San Francisco, smartphone thefts account for a huge percentage of theft-related police reports.
What's your opinion? Do you think the iCloud lock is more of a hassle than a security feature? Are there more thieves being locked out of devices than legitimate owners? Feel free to tell us in the comments section below.