Cryptocurrency Tether (USDT) is used for hundreds of millions of dollars in transactions for lost and stolen iPhone unlocking services.
Apple appears to have taken little action despite being alerted to the ongoing security breach in iCloud and Find My iPhone features. These claims are highlighted in a recent video by tech YouTuber and repair technician Louis Rossmann.
(embed) https://www.youtube.com/watch?v=FCSCq5rGxDI (/embed)
Malfunction of Apple Connect
Apple’s well-known security measures are under scrutiny after reports of several iCloud unlock services advertised on various platforms. These services claim to bypass Apple’s security protocols, in particular the Find My iPhone feature, which is designed to protect users’ devices and data.
A large seller, according to Rossmann’s video, reported this glaring issue to Apple but received what appears to be a standard, automated response. This prompted the seller to share email correspondence to demonstrate Apple’s apparent indifference to the issue.
It appears that a group of individuals exploited Apple’s activation server, specifically Level 2 of Apple Connect, a system intended to help employees unlock devices for customers who have forgotten their password or account information. The group reportedly found that an employee was using basic command software to read activation request files from a device and unlock it remotely, even without physically taking possession of it.
It was claimed that within four months the operation had raised more than $180 million, turning in nearly $2 million every two days. Although Apple was notified of the flaw, the group expressed dissatisfaction with the company’s response and continued inaction.
Trouble finding my phone
Meanwhile, another security researcher discovered a separate flaw in Apple’s Find My iPhone feature. Failing to effectively secure Apple IDs, this vulnerability allows users unlimited attempts to guess a password.
It has been speculated that Anonymous Inc. Apple Inc., a company that buys and sells legitimately obtained clean hardware, reported this security flaw to Apple more than eight months ago.
Despite these notifications, Apple allegedly dismissed its reports. This continued ignorance prompted Anonymous Inc to publicly disclose its findings, and is said to have affected its business due to the proliferation of stolen devices that were illegally activated.
The service called FMIoff, also known as Find My iPhone Off’ or Token Fmi Off, is one example that enables an iCloud locked device to become an iCloud unlocked device. With remote work, this service is publicly advertised on various websites and servers.
This breach of iCloud security is being ignored, as claimed by those providing these services, by Apple. There are two suggested ways in which this service could be possible: using an Apple Connect VPN to access the on-premises activation server port or through technical support and access provided by an Apple insider.
FMI Off is said to process thousands of orders per day using USDT payments. In light of these developments, a phone repair company has accused Apple of ignoring the iCloud vulnerability that allows stolen iPhones to be unlocked and resold.
This company was reportedly contacted by a service that offered to unlock iCloud locked iPhones for $50, payable in USDT. Although this issue has been reported to Apple since September 2021, no substantive action has been taken.
Ultimately, these findings call into question the security of Apple’s Find My iPhone feature and iCloud service. Despite constant alerts and public broadcasts of these vulnerabilities, Apple’s apparent lack of urgency continues to cause concern for users and vendors alike.
With millions of USDT still pouring into these illicit unlocking services, Apple’s need to address these security issues has never been more urgent. The phone repair company in question is calling on Apple to investigate and shut down these unlocking services and pay a reward to those who bring these security issues to their attention.
The use of USDT as the preferred payment method for these illicit services highlights the increasing integration of cryptocurrencies into various aspects of the digital economy. The relative anonymity and ease of transactions offered by cryptocurrencies such as USDT make it attractive for such activities.
However, as with any form of digital payment, the use of cryptocurrencies for illegal activities raises concerns about regulatory oversight and the need for stricter security measures.
Furthermore, suppose the allegations in Rossmann’s video and subsequent disclosures gain more exposure. In this case, it would be a huge blow to Apple’s reputation for security and could lead to a loss of trust among its users. With millions of USDT still being paid to unlock stolen iPhones, pressure is mounting on Apple to take immediate and decisive action to protect its users and restore confidence in its security systems.
