Apple’s decision to remove its Activation Lock status checker from iCloud may have been because the tool helped hackers bypass Activation Lock on bricked devices by stealing serial numbers from legitimately bought iOS hardware.
The activation lock checker allowed people to see online if a used iPhone was still tied to a seller’s account. This check could be carried out by typing a handset’s serial number into the status checker on iCloud.com, allowing the buyer to avoid purchasing locked devices.
Activation Lock itself is designed to prevent anyone else from using an iOS device if it’s been lost or stolen, unless they know the Apple ID and password for the device. The feature is enabled once Find My iPhone has been set up.
However, as MacRumors reports, the online checker was being used by hardware hackers to reactivate iPads that were bricked by Activation Lock.
As a video of the hack shows, it’s possible to calculate a legitimate serial number from a device that has not yet had Activation Lock activated, and then write that serial number to a locked device’s hard disk.
The iCloud lock checker is used to verify whether that calculated serial number is valid and linked to a device with Activation Lock set to off. If it is off, a device with that serial number can be activated by a new user.
Apple hasn’t said why it decided to take down the feature from iCloud, but as MacRumors further notes, the hack may explain a number of recent cases in which people have bought a brand new iPhone from Apple only to discover that it’s already tied to someone else’s Apple ID.
That issue has affected iPhone 6s, 6s Plus, 7, and 7 Plus devices since September, and requires Apple to fix it.