How Thieves are Cloning your iPhone Online

iCloud Removal is without a doubt one of the biggest scams online, and the thieves claiming to provide these services know this. They also know you are desperate to remove iCloud. That is why this so-called service has attracted so much attention from would-be buyers online. If you were to do a search online right now, you would see dozens of websites that claim they can remove iCloud. I am here to tell you that they cannot. Phonlab has spearheaded this research since 2016, and we have learned a lot about what worked in the past, why it no longer works, and why it will never work again. If you have any doubt, just watch our YouTube video Here.

These scammers take advantage of a plethora of misinformation online that is designed to confuse you, so that they can make money. That being said, there is always the possibility of removing any type of security on any smartphone or tablet. But when you're dealing with something that is stored on the server, it may be time to accept the fact that you will never be able to use that device again, unless you can get the account holder to remove the Apple ID from that device. That is close to impossible unless you are email phishing. Email phishing is not a true hack, but it is deception and fraud, and it’s illegal. So the next time you read an ad online that says “iCloud Removal, Guaranteed 24-48 hours Clean or Lost”, that is a classic example of someone who has access to Apple ID information and is attempting to phish those account holders' credentials by email.

Recent Scams Online

The latest scam that we found involves something much more complex. We ran into this during research and testing. It is called IMEI Poaching. Here is how it works. The thieves set up a website that claims to be able to provide you with accurate information on the status of an Apple device like an iPhone or iPad that you may be interested in purchasing. You basically submit that IMEI and the serial number of the device that you have, in hopes that you have a clean device. Let me explain. A clean IMEI and serial number is one that has not been reported lost or stolen to Apple through the FMI or “Find my iPhone” feature which allows an owner to remotely lock the device and track it, if they lose the device or it is stolen. It also has no iCloud account associated with it. Any such account has been signed out and removed from that device.

If you're an unsuspecting consumer online, you may be looking for a legitimate website that can provide you with the status of the device you're purchasing. Since Apple has closed down its original website to check that status, your search online could take you to one of many websites online that are designed to hijack that IMEI and serial number for cloning purposes.

The reason we know this is that we have seen and even verified that the device will re-lock with a new Apple ID once you give up that information online. This situation allows the thief to identify good devices online by tricking you into giving up the device information (IMEI / Serial No.). How did Apple finally figure this out? Imagine you're at the Apple store buying a brand new iPhone or iPad. Then, during the account setup in the store, the device is already locked. Yes, it did happen. It happened so much that Apple finally realized the breach and had to pull the plug on the activation lock website.

Apple’s Dirty Little Secret

Let’s back up for a moment. In early 2017, Apple suffered an embarrassing security breach that exposed millions of user account IMEI and serial numbers online. At the time, the website was a place where you could go to verify the IMEI of a particular device like an iPhone if you were to buy it second hand online or in person. The problem was that this online database contained every IMEI and serial number that Apple had produced.

This breach allowed the thieves to figure out which IMEI numbers were good or not and build a database of good devices that they could clone. So even if the website was taken down, they still have a cache of collected website data that they can use. How do we know this? Take a look at the website we located. It is a cached replica of the old Apple activation lock website. Back around the time of the activation lock website breach, a YouTube video surfaced online which showed an Apple A9 chip being removed from an iPad. That chip had the old information removed using a tool that was created by a company called “REWA Technologies” out of China. (You can check out that video HERE.) This tool basically removed the old IMEI and serial number from the iPad and replaced it with a good one that was verified and taken from the Apple activation lock website. Once Apple found out about this, they removed the website without announcing it.

How to Protect your Device Online

Okay, now that you have a good understanding, what can you do to protect yourself? That is really simple: never, under any circumstances, share the IMEI or serial number of your iDevice online for any reason. It doesn’t have to be for activation lock verification. The thieves could dupe you in many ways to get you to reveal your information. The important thing to know is that you have only one option now, and that is to visit an Apple Store and have that information verified by an Apple employee. Or, if you're buying or selling online, you have to establish some trust and, yes, take a little risk.

You have to be proactive online and protect your or your customers' investment, because if you ever try to buy or sell a device, you will have to give that information for a check, unless you believe that the device you're buying is clear, or they believe you. It doesn’t give you a lot of comfort knowing this, but knowing that you could face a situation that could turn out to be a disaster, helps a little.

Time is on your side

The good thing is that cloning an Apple chip is not very easy; not many people can successfully remove that chip and replace it. There may also be some problems with any cloned device: when you open any iPhone or iPad, it sets off certain alarms. Let me explain. When you have your iPhone display replaced, even if it were a perfect replacement, the Apple store would know that the device was tampered with. How, you may ask?

Apple has software programs similar to Purple Restore that let the Apple employee know that the device has been opened. If they do not have an Apple service history of that device, the warranty would be void. We have also seen, through several third-party repairs, services like iOS updates fail too, though we have never verified whether IMEI cloning has found a way around this.

A Final Word

Since the debut of the iPhone, there have been attempts to bypass and remove security, whether it is a jailbreak or iCloud removal. The desire to get into the world's premier smartphone will always attract legitimate hackers and thieves alike, but know this: Apple is relying on security that is stored on a server that you will never have access to. It is not located on the device. And as I said earlier, it may be time to accept certain realities: Apple security is just that good. So the next time you look for iCloud removal online and you see a website that claims to remove iCloud, remember these two things: they are either phishing the account holder's credentials or they are phishing your device information. It's that simple.