Potential security loophole in 'Find my iPhone'
Recently i got an old iPhone 5 hand-down from my pa. He've the machine locked with a simple password and an Apple ID. While I want to factory reset his phone but not knowing his Apple ID password, i found out that the security system is quite vulnerable to breaches.
First i tried a few (possibly 5+ times) unsuccessful wild guesses on his password. Then there is a system message that notifies me that his account has been in lockdown and asked me how i would like to unlock it. 1.by birthday or 2.by email. As all of you may know that the email address have been given all along the process by the system. i chose the latter option which the verification email was automatically sent to the email account linked. But THEN i found out that the iOS's Mail apps is uncompromised and linked to my dad's account. then i easily gain access to his Apple ID and iPhone Find My iPhone off.
This seems like a small little glitch ,maybe for most of us users, that most of us will omit it. But imagine that somehow phone thieves uses this loophole to bypass the Find My iPhone security watch and smuggle stolen phones under the radar. Hope some of Apple's software engineer could get to know the problem. Not trying to brag and no offence, as a student studying CS, this loophole can be easily fixed by logging off the email accounts on the phone to prevent the breach. If you are also concerned of this issue, please kindly spread the word. If anyone( or Apple) wants to know more about the issue, please feel free to contact me via email at **@gmail.com
<Email Edited by Host>
iPhone 5s, iOS 9.2.1, second hand, not jail broken/vanila