According to a recent report, German based security firm Security Research Labs has discovered a bug that allows intruders to bypass the remote wipe feature in Find my iPhone.
They put the iPhone on AirPlane Mode, which kept it from communicating with iCloud so that it couldn’t be remotely wiped. After that, they created a fake finger.
Here’s some more:
Schlabs used a previous-generation iPhone 4S to take the photo. Once he gained access to the iPhone 5S with the fake finger, he looked up the user’s email address. He then went to Apple’s website on an ordinary computer and instructed it to send credentials for resetting its password to the account of the phone’s owner.
At that point, he turned off airplane mode for several seconds: just enough time to retrieve email, but not enough for the “Find My iPhone” feature to disable the device or initiate a wipe.
Once he reset the password, Schlabs said he was able to completely “own” the iPhone: he could take over accounts from outside email providers, and reset passwords by getting email providers to send SMS messages to the hijacked phone.
You can check it out here.