NL Times

Netherlands

Apple iCloud hacked by Dutch gang

A gang of Dutch-Moroccan hackers, operating under the name Doulci, have somehow managed to crack Apple security, which makes it easy to unlock stolen iPhones. Apple’s online storage service iCloud has never been hacked before. It is used by almost 400 million people, the Telegraaf reports.

According to the hackers, who are hiding behind the names AquaXetine and Merruktechnolog and live in the Netherlands and Casablanca, 30,000 stolen iPhones have been unlocked only in the last few days.

The Telegraaf claims that especially Chinese traders buy up locked Apple devices from eBay and other marketplaces for a quick win. iPhones are bought for around $50-$150, to sell them unlocked for $450 to $700.

iPhones and iPads which Apple have locked because they were modified against Apple’s rules by the owner, are also now very easy to unlock.

Apple is working now to close the leak. According to Mark Loman, security expert from SurfRight, the hackers have placed a fake computer between the iPhone and Apple’s systems in iCloud that give permission to unlock a device.

This fake computer manipulates the iPhone’s requests. The phone believes it is communicating with the Apple server. Loman believes the hackers are capable of even more, such as reading iMessage information.

The hackers spent five months on the hack operation. First, they inspected how Apple’s security system fits together, locating the weak spots. According to AquaXetine, their motive is not to earn money, but to make Apple-users aware of the apparent lack of security in iCloud.

They are angry that Apple claims so much about their security system. The hackers say that they have brought the critical leak to the attention of the company at the end of March. Apple has yet to respond for comment.

Ronald Kingma, director of Securelabs in Amersfoort, does not think this is wise. “Very bad that Apple doesn’t make itself heard and that the leak has to come out in this manner.”

Kingma’s discussion with the hackers, and seeing the evidence, leads him to warn iCloud users to refrain from using the online storage space. It could take some time before Apple has fixed the leak, which means that passwords and any personal information users store in iCloud could be at risk.