
iPhone 7s arrive logged into strangers’ Apple IDs, iOS 10 browser raises privacy concerns

While consumers complain that new iPhones are already logged into strangers' accounts, those with functioning devices should be relieved that researchers said a recently discovered private browsing flaw in iOS 10 isn't as bad as it seems.

The iPhone glitch prevents users from signing in to their accounts and from setting up their devices. It reportedly affects new iPhone 7 and 7 Plus models when they are turned on for the first time and iPhone 6s and iPhone 6s Plus models when they are restored to default settings, according to Mac Rumors.

When the device is turned on, it triggers an Activation Lock, a security feature of Find My iPhone that prevents others from using a lost or stolen iPhone. One user reported receiving a new phone that looked immaculate, with a screen appearing to be in perfect condition after taking it out of the box.

“Only problem is, it appears someone has already used it as the iPhone is asking for the account used to activate it — [email protected],” one user wrote in a Mac Rumors forum. “Apple say it needs replacing […] Now got to wait for an expedited replacement iPhone once I've returned this one.”

Some users were reportedly able to unlock their phones after providing a proof of purchase at an Apple retail store, scheduling a Genius Bar appointment, or remotely calling Apple's support team.

Separately, late last month, IntaForensics Digital Forensic Analyst Stacey Jury reported that Apple had made the private browsing feature in iOS 10 “less private” since it doesn't properly delete data, leaving it vulnerable to recovery, according to a Sept. 30 blog post.

Since the discovery, independent third-party researchers, including Russian computer forensics software firm Elcomsoft, have played down the significance of the supposed vulnerability spotted by Jury, according to The Register.

“We looked at iOS private browsing mode a little bit, but have not found any issues - implementation seems to be good enough; all temp files seem to be properly deleted, visited links are not being saved in history etc.,” ElcomSoft researcher Vladimir Katalov told the publication.

Apple has yet to respond to SCMagazine.com concerning either of the issues. 
