In each of these muggings, the perpetrator allegedly held the victim up at gunpoint, demanded that they pull out their iPhone, and gave them instructions: Disable “Find My iPhone,” and log out of iCloud.
A stolen iPhone which is still attached to the original owner’s iCloud account is worthless for personal use or reselling purposes (unless you strip it for parts), because at any point the original owner can remotely lock the phone and find its location with Find My iPhone. Without the owner’s password, the original owner’s account can’t be unlinked from the phone and the device can’t be factory reset. This security feature explains why some muggers have been demanding passwords from their victims.
In practice, “iCloud unlock,” as it’s often called, is a scheme that involves a complex supply chain of different scams and cybercriminals. These include using fake receipts and invoices to trick Apple into believing they’re the legitimate owner of the phone, using databases that look up information on iPhones, and social engineering at Apple Stores. There are even custom phishing kits for sale online designed to steal iCloud passwords from a phone’s original owner.
Fascinating read, especially the coverage of phishing. Incredible balance, with the makers who make valuable things on one end, and the people seeking to convert those efforts into illicitly gotten cash on the other.