Aussies have discovered a security flaw in Apple’s iCloud service.

A Sydney Apple user discovered a flaw that “allows owners of second-hand Apple devices to be tracked by the original owner, who can also remotely wipe all the data off the device.”

A tech-savvy Sydney Apple user, who does not want to be named, contacted Fairfax Media after selling his MacBook Air only to find that he was still able to track the device using Apple’s “Find My Mac” feature, even though he erased the laptop’s hard drive before selling it.

Find My Mac / iPhone / iPad, part of iCloud, lets users track their Apple devices over the web if they have been lost or stolen. In addition to plotting the location of the device on a map it can also be used to remotely wipe the device of all data.

But it appears that if you erase the data from your Apple device or remove the iCloud account when the device is not connected to the internet, it doesn’t de-link the device from your account on Apple’s servers.

When the new owner logs in to the device with their own Apple ID and switches on iCloud / Find My Device, the previous owner is still able to track the device and wipe the data using their own iCloud account, without knowing the Apple ID details of the new owner.

An item buried on Apple’s support pages instructs users on how to remove iCloud before selling their device, but the affected Apple user said this was far from clear to most people, who wouldn’t realise they had to do anything more than erase the hard drive of the device before selling it.

“When I did the factory reset [on the Macbook Air] it doesn’t appear to de-link my Apple ID to the device serial number and so when this guy turned on … Find My Mac I was able to see his location of his device and track it without his knowledge,” said the user, who claims to have replicated the issue on an iPhone set to flight mode.

“Anyone who’s bought a second-hand Apple device probably needs to be very careful about turning on Find my Device because potentially the person they bought it from may have access to their whereabouts and access to their machine.”

About The Author

Nick

Nick is an IT Professional who has been in the IT industry for over 15 years. A passion for technology & thirst for knowledge. A certified ITIL v3 professional, Nick is qualified & dedicated to delivering effective & efficient IT services with an Honest smile.