iOS 7 Bug allows disabling of Find My iPhone without AppleID password

As the video below shows, there’s a bug in iOS 7.0.4 that allows anyone with access to your iPhone to disable Find My iPhone. Obviously, this disables the ability to track your iPhone if it is stolen.

According to the linked article, looks like Apple has a fix in the works for the next release of iOS. Bugs like this show the importance of keeping up with the latest iOS release.

  • Joseph Blake

    Wait, so they have to be able to get into your phone without a passcode. So they could put it in airplane mode. So they could bypass it anyway.

    Non-story (although it is a bug and needs to be fixed, it’s not a major issue since your phone is protected by a passphrase/code/touch id, right?)

  • Well, okay, but this requires the device to be unlocked.

  • gjgustav

    Putting the phone in airplane mode disables Find My iPhone too. And that can be done from the lock screen if you have Control Center enabled on the lock screen. To me, that’s a far more egregious problem than this one.

    • Timothy Fultz

      That is an issue yes, however even by placing the device in airplane mode to disable tracking, if the thief resets the device via iTunes Software Restore, he still must know the owner’s Apple ID and password to set the device up.

      This is a flaw for someone who doesn’t use a passcode (and I still see quite a few people who buy phones where I work who don’t want to set up a passcode on, say, an iPhone 5c or iPhone 4S). The gentleman in the video didn’t try a software reset via iTunes but I suspect that if the iCloud account could be deleted as he demonstrated, a software reset thru iTunes would set the device as a brand new phone, not requiring any previous info for setup.

      Good to see from MacRumors that the flaw can’t be replicated in iOS 7.1 beta, so I’m assuming Apple had already realized the flaw and has made a fix.

      • lucascott

        And this is true even with this ‘bug’. it doesn’t turn off Activation Lock. I tried it to see. Activation Lock was on after the restore

        • Timothy Fultz

          Good to hear. I am running a Linux machine for my desktop so I wasn’t able to give it a try myself.

    • lucascott

      But easily fixed. Don’t allow access to control center. Now if you were to say that perhaps Apple should make such access ‘off’ by default cause many don’t realize that it is there to know to turn it off, I would agree. There are actually many things I feel should perhaps be off by default — bluetooth, background app refresh etc