The Underground Company That Hacks iPhones for Regular Consumers



“Activation Lock,” reads a message displayed across the iPhone screen. “This iPhone is associated with an Apple ID. Enter the Apple ID and password that was used to set up this iPhone.”


This lock basically turns iPhones into expensive paperweights until the owner enters the required credentials. This feature is designed to prevent anyone else from using the phone if it is lost, or to prevent thieves from making money by reselling a stolen device. Activation Lock is intended in part to make iPhones less attractive to thieves because stolen devices cannot be used.


Now, a secretive group is offering people a way to strip this lock from certain iPhones through its pay-for-hacking service. iOS security experts suspect that it is used to remove protection from stolen iPhones. The hacking group that offers the service, called checkm8.info, which takes its name from a free-to-use jailbreak, insists that its tool cannot be used by thieves.


“Our goal is the ability to repair electronics because it is the key to saving resources and addressing e-waste and environmental damage,” the manager told Motherboard in an email. Motherboard has previously written about how criminals used scam emails to get the login credentials necessary to remove Activation Lock. checkm8.info provides a much easier method, and seems to simplify what is usually a complex process into one that non-technical users can follow.

It is true that Activation Lock can be frustrating for iPhone repair professionals, e-waste facilities, and refurbishers, because it causes so many perfectly good phones obtained by legal means to be cut up or destroyed. One user told Motherboard that they used the service as part of their legitimate phone resale business.


Do you have more information about criminals using Activation Lock bypass tools? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal at +44 20 8133 5190, Wickr at josephcox, OTR chat at or email


Under the hood, checkm8.info uses checkra1n, an open source jailbreak tool released in 2019. Checkra1n uses an exploit called checkm8, written by the developer known as Axi0mX.


“I don’t like it, but I don’t know what I can do about it,” Axi0mX said in an online chat about checkm8.info. “Either way I support the practice nor the checkra1n jailbreak team and the checkra1n either.”

checkm8.info only works with devices running iOS versions 12 through 14.8.1, according to the website. That’s because checkm8 only works on older iPhones, including the iPhone X, as it exploits an older version of the iPhone’s bootrom, which is the first code that runs on the iPhone when it boots up. Newer iPhones have updated bootrom code that is not vulnerable to checkm8.


Activation Lock is enabled on an Apple device when the user sets up Find My, Apple’s service that lets people track the location of their iPhone, Mac, or Apple Watch. After that, anyone who wants to erase or reactivate the device – something that may be vital for sellers – needs to enter the relevant Apple ID password.


A video on checkm8.info shows how simple the process of using the tool is. The user downloads, installs, and opens the software and then connects the target device to a Mac or PC.


“Get ready to jailbreak!” the narrator says at one point in the video. The video then shows the checkra1n jailbreak in action on the device.


Normally, if the user is running the checkra1n jailbreak themselves, this will be the end of the process. But checkm8.info, in its effort to take a free program and make a profit from it, then asks users to purchase a license to complete the hack. The site charges $69.99 per license, according to the video. In Motherboard's private tests, the price has been lowered and the organization is now asking for $49.99.


“Done! You have successfully bypassed the iCloud activation lock on your device,” the narrator adds.


The official told Motherboard in an email that they sell 30 to 150 licenses per month, which amounts to between $2,100 and $10,500. checkm8.info has a number of obvious competitors that provide similar services as well, like Minacriss and iRemoval PRO. A post in iRemoval PRO’s Telegram channel mentions the use of the checkm8 exploit as well.

checkm8.info also offers a service it describes as “iPhone passcode bypass.” However, this service is not a tool similar to iPhone unlocking services like Cellebrite and GrayShift. “This service returns the device to factory settings and activates it as a new device with a saved activation card from the system. So basically this method does not have anything with brute effect or user data leakage. The passcode is a common name used by other tools for this service, so we decided to give it the same name,” the official told Motherboard.

checkm8.info also provides a reseller program where sellers can sign up to purchase licenses in bulk, possibly for their own unlocking services.


Kevin Flash runs a company called SellLocked that buys iPhones that have Activation Lock. For example, the company is offering $25 off an iPhone X in good condition with Activation Lock, according to a quote generated by the site. Flash told Motherboard in a Facebook message that it is using checkm8.info to remove the lock and then resell the now-working phone. Once Activation Lock is enabled on a phone and no one can remove it for any reason, he said, “many Apple products become actual rubbish beyond some key parts.”


“The waste is just astronomical,” he added. In a Facebook post, Flash said he used checkm8.info on 30 iPhone Xs.





OkemoZurs, an Apple collector, told Motherboard that he has successfully used a service similar to checkm8.info. “I actually used something with the same technology that’s used on some locked iCloud devices [Activation Lock] devices before.”


Users on checkm8.info’s Discord server claim that they want to use the tool for things like unlocking a device they purchased.


“I want to bypass activation lock on my MacBook air 2019 that I bought from an old man for my little brother. Can I run the checkm8 service app perfectly on a virtual machine as I only have a Linux PC,” a user posted on the checkm8.info Discord server in March.


Motherboard tested checkm8.info on a T-Mobile phone that was reported stolen. The tool successfully jailbroke the target device, but the part of the software responsible for bypassing Activation Lock crashed several times. This may be because the process requires a mobile signal to complete, and T-Mobile has blocked the phone from receiving or sending messages. The process was very fast, and could reasonably be done before the victim could report their stolen phone.


Jailbreaker developer checkra1n told Motherboard, “I think there are two types of users who are looking for this kind of service though: (1) those who actually steal phones because they know they can unlock them and put them up for sale, and (2) users who have been hacked. tricked them into buying a stolen device that was later locked or locked.”


The official added, “Personally, I consider Apple to be very strict regarding the vendor lock policy. If you check out Apple’s specialized forums on the web, there are a lot of claims by users who have their accounts locked for many different reasons and can’t or can’t regain access to them. on recovering lost passwords for their accounts.”


People in the iPhone security and jailbreaking research community believe that the service is for illegal purposes – to unlock stolen iPhones. Axi0mX, the developer of the checkm8 exploit, told Motherboard in an online chat that services bypassing Activation Lock would be useful for unlocking stolen phones.


“I am disappointed to see that (for most of them) checkera1n [sic] team’s efforts were misused to provide such services,” a security researcher who specializes in iOS hacking, who requested anonymity because he was not authorized to speak to the press, told Motherboard. “I am just an ardent user of checkra1n. What I find disturbing is that people are using a research tool to make software that will potentially help the iPhone theft industry – and the fact that they are making money from freely released work.”



Image of checkm8.info using the checkra1n exploit. “This software is not for sale. If you purchase this, please report the seller,” the text reads. Photo: Motherboard


The official in charge of checkm8.info said that the service does not cover stolen devices. They said the service uses an API from the GSMA, the trade body for the wireless industry, to check if a device is on a “blacklist,” which could mean the device has been lost or stolen. This is additional protection on top of Apple’s Activation Lock. Network carriers and repair companies use this API to check stolen status.


“Protect your reputation by reducing the likelihood of accepting stolen or lost devices,” the GSMA website reads in a section describing how the device inspection service can be used by device recyclers.


The official claimed that they used the GSMA tool to detect stolen devices and prevented them from using the jailbreak.


“We also reject such devices in our system,” they wrote in an email.


This API will only work if the victim reports that their device has been stolen. After the consumer reports the theft of their device, the operator marks the IMEI – a unique identification code – as belonging to a stolen device. But if the consumer does not report the theft of the phone themselves, there may still be a window for the thief to use the service against a phone that only has Activation Lock enabled.


The GSMA declined to speak officially. T-Mobile told Motherboard that it is reporting stolen devices to the GSMA database.


At least some Apple employees are familiar with checkm8.info. An Apple Product Security employee follows the group on Twitter. Twitter suspended the account briefly in April, but the account is back online at the time of writing.


Apple declined to comment.

