Thieves Use Telegram‑Sold Tools to Unlock Stolen iPhones, Enabling Black‑Market Resale
What Happened — Infoblox researchers uncovered Telegram groups selling inexpensive unlocking tools and phishing kits that bypass Apple’s Activation Lock on stolen iPhones. The services include a Windows‑based jailbreak utility, “FMI OFF,” and “iCloud Webkit” smishing kits that trick owners into revealing Apple credentials.
Why It Matters for TPRM —
- Unlocked devices can be used to harvest corporate credentials and access enterprise iOS apps.
- The low cost and ease of acquisition increase the incentive for device theft, raising the overall risk to any organization with a BYOD or corporate iPhone fleet.
Who Is Affected — Consumer electronics, mobile‑device‑management (MDM) providers, enterprises with BYOD iOS deployments, and any vendor handling iPhone provisioning.
Recommended Actions — Review and tighten MDM policies (enforce remote wipe and Activation Lock), educate users about smishing attacks impersonating Apple Find My, monitor DNS for Apple‑look‑alike domains, and vet third‑party services that manage iOS devices.
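One way to act on the DNS-monitoring recommendation, as an added example that is not from Infoblox or the source article: a small Python filter that flags resolver queries using Apple branding outside Apple-owned domains. The log format, the legitimate-suffix list, the brand keywords and all sample domains are assumptions constructed for illustration.

```python
# Assumption: Apple-owned domains treated as legitimate; extend to match your environment.
LEGIT_SUFFIXES = ("apple.com", "icloud.com")
# Assumption: brand keywords chosen from the lures described in this brief.
BRAND_TOKENS = ("apple", "icloud", "findmy")
# Fold visually confusable characters into one class so "1cloud" and "app1e" still match.
FOLD = str.maketrans({"0": "o", "1": "l", "i": "l", "3": "e", "5": "s"})


def is_legit(name):
    """True only when the name is, or sits under, a legitimate suffix at a label boundary."""
    return any(name == s or name.endswith("." + s) for s in LEGIT_SUFFIXES)


def brand_hits(name):
    """Return brand tokens that start any label, hyphen-separated piece, or de-hyphenated label."""
    pieces = set()
    for label in name.split("."):
        pieces.add(label.replace("-", ""))
        pieces.update(label.split("-"))
    folded = [p.translate(FOLD) for p in pieces]
    # Prefix matching keeps "pineapple" quiet at the cost of missing "secureapple".
    return sorted(t for t in BRAND_TOKENS
                  if any(p.startswith(t.translate(FOLD)) for p in folded))


def scan(log_lines):
    """Return (client, qname, tokens) for queries using Apple branding off Apple domains."""
    alerts = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed lines
        _ts, client, qname, _qtype = parts[:4]
        name = qname.lower().rstrip(".")
        if not is_legit(name) and (hits := brand_hits(name)):
            alerts.append((client, name, hits))
    return alerts


# Constructed sample resolver log: "timestamp client qname qtype" (format is an assumption).
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z 10.0.0.5 www.icloud.com. A",
    "2024-01-01T10:00:03Z 10.0.0.7 findmy-1cloud.example. A",
    "2024-01-01T10:00:09Z 10.0.0.7 apple.com.locate-device.example. A",
    "2024-01-01T10:00:12Z 10.0.0.9 app1e-id.support.example. AAAA",
    "2024-01-01T10:00:15Z 10.0.0.9 pineapple-recipes.example. A",
]

if __name__ == "__main__":
    for client, name, hits in scan(SAMPLE_LOG):
        print(f"ALERT client={client} qname={name} brand={','.join(hits)}")
```

The suffix check matches on label boundaries, so a name that merely begins with `apple.com.` under another domain is still flagged.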
Technical Notes — Attack vector: phishing/smishing via look‑alike Apple Find My domains; tools: Windows‑based jailbreak unlockers, “FMI OFF,” “iCloud Webkit.” No specific CVE cited. Source: Help Net Security