The news comes from the Dutch Telegraph.nl magazine [via iPhoneinCanada], this serious security flaw makes thieves able to unblock any stolen iPhone device in some seconds, according to the report. This is the first time a hacker group has managed to compromise iCloud, and, by the way, they have also gained access to the almost 400 million user accounts.
The hackers are on Twitter under the pseudonyms AquaXetine and MerrukTechnolog, and they are offering unlocking services via the doulci.nl website. According to information found on their website, doulCi is the world’s first Alternative iCloud Server, and the world’s first iCloud Activation Bypass.
As of writing, the server isn’t live yet, but when it is it will support all devices except GSM iPads, the iPhone 4s, and the iPhone 5c and 5s, which are currently in beta testing. For those who are skeptical, the hackers have posted a long list of already hacked iPhones, and according to the Telegram, the list contains up to 30,000 iPhones previously reported as stolen or locked by the user.
doulCi is said the be the solution for regaining access to the iPhone, but security expert Mark Loman – whom we contacted yesterday – says he’s afraid the group can do much more, even read iMessages, as Apple has failed to patch an important security hole with the latest updates.
What doulCi does is to manipulate applications on the iPhone so the handset believes it is communicating with the genuine Apple server.
To use doulCi it’s very simple. Just Add the “MAGIC LINE” to you “hosts” file on any operating system you are using, and then you are just in one step forward to make the device bypassed. All you need to do is open the famous software developed by Apple inc. and plug your device in the USB Port on your machine and it will be done in some seconds.
The Alternative iCloud Server is the result of five months of work, and the hacker group says it didn’t do it for money, but to raise awareness about Apple’s false iCloud security claims.
They had already informed Apple in March about the critical leak, but the company left their emails unanswered.