The cryptocurrency tether (USDT) is used for hundreds of millions of dollars worth of transactions for illicit lost and stolen iPhone unlocking services.
Apple appears to have taken little action despite being alerted to the ongoing security breach in their iCloud and Find My iPhone features. These claims were highlighted in a recent video by technology YouTuber and repair technician Luis Rossmann.
A glitch in Apple Connect
Apple’s renowned security measures are under scrutiny following reports of numerous iCloud unlocking services advertised on various platforms. These services claim to bypass Apple’s security protocols, notably the Find My iPhone feature, designed to protect users’ devices and data.
A large reseller, according to Rossmann’s video, reported this glaring issue to Apple but received what seemed to be a standard, automated reply. This prompted the reseller to share email correspondences to prove Apple’s apparent indifference towards the issue.
It appears that a group of individuals exploited Apple’s activation server, particularly Level 2 of Apple Connect, a system intended to assist employees in unlocking devices for customers who forget their password or account information. The group reportedly found that an employee was using a basic command program to read activation request files from a device and remotely unlock it, even without physically possessing it.
In four months, the operation allegedly accumulated more than $180 million, generating approximately $2 million every two days. Despite notifying Apple about this flaw, the group expressed dissatisfaction with the company’s response and continued inaction.
An issue in Find My Phone
Meanwhile, another security researcher discovered a separate flaw in Apple’s Find My iPhone feature. Due to a failure to secure Apple IDs effectively, this vulnerability allows users unlimited attempts to guess a password.
It was speculated that Anonymous Inc., a company that buys and sells clean, legitimately acquired devices, had informed Apple of this security flaw over eight months ago.
Despite these notifications, Apple allegedly dismissed their reports. This ongoing ignorance has prompted Anonymous Inc. to disclose its findings publicly and has reportedly affected their business due to the proliferation of illegally activated stolen devices.
A service dubbed FMIoff, also known as Find My iPhone Off’ or Token Fmi Off, is one example that enables an iCloud-locked device to become an iCloud-unlocked device. Working remotely, this service is openly advertised on various websites and servers.
This breach in iCloud security, as claimed by those offering these services, is being overlooked by Apple. There are two suggested ways through which this service might be possible: using an Apple Connect VPN to access an internal activation server port or with technical support and access provided by an inside person at Apple.
The FMI Off service reportedly processes thousands of orders daily using USDT payments. In light of these developments, a phone repair company has accused Apple of ignoring the iCloud security flaw that enables stolen iPhones to be unlocked and resold.
This company was reportedly approached by a service that offered to unlock iCloud-locked iPhones for $50, payable in USDT. Although Apple has been reportedly informed about this issue since September 2021, no substantive action has been taken.
Ultimately, these revelations question the security integrity of Apple’s Find My iPhone feature and iCloud service. Despite persistent alerts and the public airing of these vulnerabilities, Apple’s apparent lack of urgency continues to raise concerns among users and resellers alike.
As millions of USDT continue to flow into these illicit unlocking services, the need for Apple to address these security issues has never been more urgent. The phone repair company in question is calling for Apple to investigate and shut down these unlocking services and pay out a bounty for those who bring these security issues to their attention.
The use of USDT as a preferred payment method for these illicit services highlights the growing integration of cryptocurrencies into various aspects of the digital economy. The relative anonymity and ease of transactions offered by cryptocurrencies like USDT make them attractive for such activities.
However, as with any form of digital payment, using cryptocurrencies for illegal activities raises concerns about regulatory oversight and the need for more robust security measures.
Furthermore, suppose the allegations in Rossmann’s video and the subsequent disclosures gain further exposure. In that case, it will be a significant blow to Apple’s reputation for security and could lead to a loss of trust among its users. As millions in USDT continue to be paid for unlocking stolen iPhones, the pressure is mounting for Apple to take immediate and decisive action to protect its users and restore confidence in its security systems.