Skip to content

How to Bypass the Activation Lock on iOS, iPad, and Mac Devices?

Apple Activation Lock is an in-built security feature that keeps iPhones, iPads, and macOS devices secure from unauthorized access. Users need to enter their Apple ID and password every time they try to reset or activate a device. This binds the device to its owner’s iCloud account.

The iCloud Lock or Factory Reset Protection (FRP) is part of the Find My iPhone app and runs on devices running iOS 7 or later. Activation lock is crucial for protecting sensitive data if a device is lost or stolen and improving the chances of recovery. 

How to bypass Activation Lock on iPhone iPad
How to bypass Activation Lock on iOS and macOS devices?

This blog will explain the concept of activation lock and activation lock bypass and will help you understand how to enable and bypass activation lock on iOS and macOS devices with Scalefusion MDM.

How is Activation Lock enabled on iOS and macOS devices? 

Activation lock is automatically enabled when users activate the Find My feature on their Apple devices. On iOS devices, such as iPhones and iPads, activation lock can be enabled when the user turns on Find My iPhone in the settings app under the Apple ID section. This ensures the device is linked to the user’s Apple ID, making it secure and requiring the owner’s credentials for any future reset or reactivation.

For macOS devices, such as MacBooks and iMacs, the activation lock is enabled when Find My Mac is activated through the system preferences. By doing so, the Mac is similarly tied to the user’s Apple ID, protecting it from unauthenticated access. This security feature is particularly crucial in preventing device misuse if it is ever lost or stolen, as only the iPhone owner’s Apple ID and password can be used to erase or reactivate the device.

Types of Activation Lock

Activation lock is categorized into two types based on its enabling:

1. Organization Linked (MDM) Activation Lock 

Organization-enabled activation lock is a secure method of managing activation lock on iOS devices through an MDM solution. MDM can contact the Apple server to apply the activation lock directly.  

The device applies Activation Lock using Apple Business Manager (ABM) or Apple School Manager (ASM) admin credentials. If an MDM solution fails to clear the lock remotely, administrators can manually unlock it by entering their credentials on the device’s Activation Lock screen.

Organization-enabled activation lock ensures devices can be efficiently repurposed or reassigned within the organization, maintaining data security and operational flexibility. It is currently available exclusively for iOS devices enrolled through Automated Device Enrollment (ADE).

2. User-Linked Activation Lock

The user-linked activation lock allows users to enable it using their iCloud credentials. Since all supervised devices have the activation lock turned off by default, an MDM solution can allow users to turn it on. This is available for supervised iOS and macOS devices. 

What is an Activation Lock Bypass?  

Activation lock bypass removes the activation lock from Apple devices using a bypass code. This eliminates the need for the original owner’s Apple ID and password to clear the lock. Bypass codes offer a fall-back mechanism. IT administrators can clear the activation lock and reset and activate devices, ensuring they remain usable and secure for the new user. 

Activation lock bypass is particularly useful in organizational settings where devices must be repurposed or reassigned after an employee leaves or joins the organization. This helps maintain the operational use of corporate devices while upholding device security, as it allows for the reactivation and reuse of devices without compromising their protection against unauthorized access.

What is the Need to Bypass the Activation Lock?

While Activation Lock is beneficial for securing personal devices, it presents challenges for corporate devices. Many organizations issue mobile devices to employees, each linked to the employee’s account. When an employee leaves and returns the device, the IT admin encounters a prompt for the previous employee’s credentials during a reset. 

The device becomes unusable if those credentials are unavailable. Turning off the Activation Lock on corporate devices is not ideal, as it leaves them vulnerable to misuse if lost or stolen. Therefore, bypassing Activation Lock on MacBooks and iOS devices using a bypass code is necessary to maintain device security while ensuring they can be efficiently reassigned within the organization. 

Types of Activation Lock Bypass Codes

Based on the activation lock applied, there are two types of bypass codes: 

1. MDM-Generated Bypass Code

This type of code is generated by a mobile device management solution at the time of device enrollment. IT administrators can remotely clear the activation lock on devices managed through the MDM software. This is especially useful for organizations that use an MDM solution to manage their iOS and macOS devices, ensuring devices can be easily reused. 

2. Device-Generated Bypass Code

This code is generated by the device when the activation lock is user-linked. Device-generated bypass codes are available for 15 days or until an MDM solution clears it. These codes are generated while setting up the device for the first time. 

How To Bypass Activation Lock with Scalefusion MDM?

When user credentials linked to the Activation Lock are unavailable, IT administrators can retrieve the bypass code from the Scalefusion MDM dashboard to manually bypass the Activation Lock. Follow the below steps to bypass the Activation Lock: 

On Scalefusion Dashboard

Step 1: Log in to the Scalefusion dashboard.

bypass activation lock on iphone

Step 2: Go to the Devices tab and select the iOS device for which you want to bypass the activation lock.

apple activation lock removal

Step 3: In the device details dialog, click the Settings icon in the top right corner and select the Full Device Information tab.

bypass iPhone activation lock

Step 4: In the Full Device Information dialog, navigate to the Device Info section.

bypass ipad activation lock

Step 5: Click on Bypass Code to view both the device-generated and MDM-generated bypass codes.

apple activation lock

On Device

Step 1. On the Activation Lock screen, leave the username field empty and enter the MDM-generated bypass code in the password field. This will bypass the activation lock.

activation lock bypass
Note: Ensure the iOS device you want to bypass is enrolled in the Scalefusion dashboard through Apple Configurator or Apple Business Manager. Enrolling devices using any of the aforementioned methods will remove the Activation Lock and the user will not be able to enable it. 

Get Scalefusion for Activation Lock Bypass

Scalefusion MDM enables your organization to benefit from the activation lock’s theft-deterrent features while bypassing the lock on company-owned devices without requiring the former employee’s Apple ID credentials. With Scalefusion, you can enhance the operational efficiency of iOS and macOS devices and maintain comprehensive control over your Apple devices.

Contact our experts to book a free demo or opt for a 14-day free trial today to see activation lock bypass in action. 

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Scalefusion
Scalefusion’s company DNA is built on the foundation of providing world-class customer service and making endpoint management simple and effortless for businesses globally. We prioritize the needs and feedback of our customers, making sure that they are at the forefront of all decision-making processes. We are dedicated to providing comprehensive customer support services, and place emphasis on customer-centric thinking throughout the organization.

How NAC Supports NIST SP 800-53 Cybersecurity Requirements Copy

In the ever-evolving landscape of cybersecurity, organizations continuously seek robust mechanisms to protect their networks and data. One effective approach is implementing Network Access Control (NAC), which plays a critical role in meeting the stringent cybersecurity requirements set forth by the National Institute of Standards and Technology (NIST) in its Special Publication 800-53. This publication provides a catalog of security and privacy controls for federal information systems and organizations to enhance their security posture.

What is Network Access Control?

Network Access Control (NAC) is a security solution that enforces policy compliance on devices that attempt to access network resources. NAC can deny network entry, restrict access to certain areas, or place devices in a quarantined area until they meet the network’s security standards. This mechanism is vital in preventing unauthorized access and managing the security of devices over their lifecycle. 

Alignment of NAC with NIST SP 800-53

NAC supports several key security controls outlined in NIST SP 800-53, ensuring that organizational networks remain secure and resilient against threats. Here’s how NAC aligns with some of these controls:

1. Access Control (AC)

NAC systems are paramount in enforcing access control policies by ensuring that only authenticated and authorized devices can access network resources. This is in line with AC-3 (Access Enforcement) and AC-17 (Remote Access), which mandate that access to organizational systems is controlled and managed effectively.

2. Identification and Authentication (IA)

By integrating with identity management solutions, NAC ensures that all devices are properly identified and authenticated before gaining network access, aligning with IA-2 (Identification and Authentication). This prevents unauthorized devices from accessing sensitive data and systems.

3. System and Communications Protection (SC)

NAC contributes to the protection of system boundaries through policies that isolate and control the flow of information between networks. SC controls, such as SC-7 (Boundary Protection), are supported by NAC solutions that monitor and control communications at the boundaries of network segments.

4. Audit and Accountability (AU)

NAC systems can log and monitor all attempts to access the network, providing a detailed account of device activities. This supports AU-2 (Audit Events) and AU-12 (Audit Generation) requirements by ensuring that actions affecting security are recorded and available for review.

5. Configuration Management (CM)

NAC aids in maintaining the security configuration of devices throughout their lifecycle. By ensuring devices comply with CM-7 (Least Functionality), NAC restricts software installations and functions that might compromise security.


 

Benefits of Implementing NAC in Alignment with NIST SP 800-53

Implementing NAC not only supports compliance with NIST SP 800-53 but also brings several benefits to organizational cybersecurity strategies:

  • Enhanced Visibility and Control: NAC provides complete visibility of all devices on the network, including BYOD and guest devices, allowing for better control of who accesses what resources.
  • Automated Response: NAC can automatically respond to non-compliance and security threats by restricting access or quarantining devices, thus reducing the risk of security breaches.
  • Regulatory Compliance: For organizations subject to regulations, NAC helps in maintaining continuous compliance with security policies and regulations.

The alignment of Network Access Control with NIST SP 800-53 requirements is a testament to its value in a comprehensive cybersecurity strategy. By enforcing robust access control, ensuring proper identification and authentication, and supporting system integrity and accountability, NAC not only adheres to but enhances the security controls recommended by NIST. As cyber threats continue to evolve, the role of NAC in securing network environments remains indispensable, ensuring that organizations can protect their critical information assets effectively.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

Return on MSP Investment: 5 Ways to Maximize Your Profit Margins

Looking for innovative ways to drive sustainable growth and build a thriving MSP business?  

In this blog, we’ll explore five strategies to maximize your profit margins, including a smart business model that allows you to expand your service offerings without adding extra staff and the long-term investment gains of cybersecurity. Let’s dive in.

5 Ways to Maximize Your MSP Profit Margins

Here are 5 ways you can increase revenue, reduce liability costs, improve customer retention, and think long-term investment for a more lucrative future.

Get cyber insurance: Every MSP should have cyber insurance at a bare minimum. Cyber insurance can help reduce litigation costs and cover other fees that might be incurred out of pocket in the event of a security incident or breach.

In addition to financial coverage, cyber insurance companies typically provide a dedicated incident response team to quickly address and mitigate breaches, ensuring that business operations can continue with minimal disruption.

Cyber insurance also provides peace of mind by offering financial protection against unknown events such as third-party disputes and other regulatory fines. Cyber insurance lets you maintain business operations and prevent potential losses beyond the balance sheets. Not only is cyber insurance a sound investment, but it’s also a strategic asset that is essential when doing business with clients.

Expand service offerings: Do you offer cloud migration, pen testing services, or have a thorough understanding of how to fix vulnerabilities in code? All can provide you with a competitive edge in the market.

Does that mean you need to have a deep technical understanding of Python to write code or know the rules of ethical hacking to conduct a pen test? Not at all. It means that you need to outsource those services to a reputable third party and collect your percentages or fees.

Technical arbitrage can provide you with a great revenue stream. Other ways to expand your offerings include partnering with other trusted MSPs that can accommodate the extra work. This frees you up to take on other projects and focus on higher paying clients. Niching down by industry or specific service can also help you stand out in a crowded MSP market. Once you expand, you can always upsell and cross-sell existing clients or create tiered service packages that offer more features or higher levels of service.

Upgrade your security stack: Are you using the same routers and switches from 2005? You might want to consider upgrading your security stack. Seriously. Besides those products being discontinued or nearly obsolete nowadays, it’s also costing you in terms of bandwidth, connectivity, and optimal performance. It’s also costing you in terms of security.

Older routers weren’t built to support the latest security protocols or software updates. Outdated switches might not have enough ports to accommodate the growing number of devices, impacting your ability to segment network traffic and maintain a secure environment.

These open, unsecured ports can leave your endpoints vulnerable to unauthorized access, making your network an easy target for cyberattacks. Upgrade your equipment. Reddit forums are excellent places to get actual feedback on security tools and hardware devices from fellow IT professionals and network engineers. Invest in your security stack.

Focus on recurring revenue: Recurring revenue is the lifeblood of any successful MSP business practice. Recurring revenue also means that you have mastered client retention. That’s a big thing too because the cost of acquiring a new customer can be as much as five times higher than retaining an existing one. Look at it from a P&L ratio, if it costs you 5x more to acquire a new client, then those POCs better justify the investments, or else your business won’t achieve sustainable growth or succeed in the long run.

Build those customer relationships once you sign any contracts. Don’t wait until your agreement is almost up to offer that extra level of support. Show your clients that you truly value and appreciate them. Go the extra mile for them. As an MSP, you might wear multiple hats if you run a smaller business. That means you might be their technology advisor, solution architect, account manager, and customer support team—all at once. Your clients depend on you, so make them feel valued.

Don’t be afraid to negotiate terms either. POCs for enterprises might run several months or longer, but once you get that client locked in, it’s your responsibility to keep them there. And that centers around the customer experience. Retention is a huge part of recurring revenue. Futureproof your business in this turbulent economy by offering your clients top-tier services. The returns will pay off in dividends.

Invest in cybersecurity: One way to attract more clients and increase your profit margins is to invest in cybersecurity. Why? Because it allows you to offer specialized services that protect your clients’ critical assets. Convincing your clients isn’t so difficult when you break down the estimated cost savings attributed to potential data breaches and other cyber threats, such as ransomware attacks, phishing scams, and insider threats.

The cost of a data breach as of 2024 is $4.88M. Keep in mind that we’re not factoring in other damages and losses the company might absorb in the process.

Investing in cybersecurity benefits your clients and your business. You want to be able to secure all assets while making a profit. Think of it as a strategic business investment. KPIs such as ROSI (Return on Security Investment) allow you to demonstrate to clients how your cybersecurity solutions not only protect their critical assets and operations but also show them a long-term return, as they can prioritize mitigation of vulnerabilities based on business objectives. And that’s priceless.

Still unsure of how to convince your clients of the benefits of cybersecurity?

Check out our guide on How to Sell Cybersecurity to Your MSP Clients in 6 Easy Steps and make sure you incorporate those techniques into your selling approach.

Maximize Your Return on Cybersecurity Investment with Guardz

Speaking of maximized profit margins and ROSI, Guardz provides MSPs with a multi-layered approach that consolidates fragmented cybersecurity tools and solutions into a unified platform. Guardz offers endpoint security, email security, cloud data protection, and an external footprint of your digital assets to show how an attacker might exploit vulnerabilities.

Give your clients the security and peace of mind they deserve. Boost your revenue and future returns by consolidating your cybersecurity tools and solutions with Guardz today.

Start Free Trial

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Guardz
Guardz is on a mission to create a safer digital world by empowering Managed Service Providers (MSPs). Their goal is to proactively secure and insure Small and Medium Enterprises (SMEs) against ever-evolving threats while simultaneously creating new revenue streams, all on one unified platform.

Start Free Trial

ESET Research discovers NGate: Android malware, which relays NFC traffic to steal victim’s cash from ATMs

  • Attackers combined standard malicious techniques – social engineering, phishing, and Android malware – into a novel attack scenario; ESET suspects that messages impersonating Czech banks were sent to random phone customers in Czechia, and they caught customers of three banks.
  • According to ESET Brand Intelligence Service data, the group had operated since November 2023 in Czechia, and, as of March 2024, the rating of the group’s techniques improved via the deploying of the NGate Android malware. 
  • Attackers were able to clone NFC data from victims’ physical payment cards using NGate, and relay this data to an attacker’s device, which was then able to emulate the original card, and withdraw money from an ATM.
  • This is the first time we have seen Android malware with this capability being used in the wild, and without the victims having had their devices rooted.

BRATISLAVA, KOŠICEAugust 22, 2024 — ESET researchers uncovered a crimeware campaign that targeted clients at three Czech banks. The malware used, which ESET has named NGate, has the unique ability to relay data from victims’ payment cards via a malicious app installed on their Android devices, to the attacker’s rooted Android phone. The primary goal of this campaign was to facilitate unauthorized ATM withdrawals from the victims’ bank accounts. This was achieved by relaying near field communication (NFC) data from the victims’ physical payment cards, via their compromised Android smartphones, by using the NGate Android malware, to the attacker’s device. The attacker then used this data to perform ATM transactions. If this method failed, the attacker had a fallback plan to transfer funds from the victims’ accounts to other bank accounts.

“We haven’t seen this novel NFC relay technique in any previously discovered Android malware. The technique is based on a tool called NFCGate, designed by students at the Technical University of Darmstadt, Germany, to capture, analyze, or alter NFC traffic; therefore, we named this new malware family NGate,” says Lukáš Štefanko, who discovered the novel threat and technique.

Victims downloaded and installed the malware after being deceived into thinking they were communicating with their bank and that their device was compromised. In reality, the victims had unknowingly compromised their own Android devices by previously downloading and installing an app from a link in a deceptive SMS message about a potential tax return.

It’s important to note that NGate was never available on the official Google Play store.

NGate Android malware is related to the phishing activities of a threat actor that has operated in Czechia since November 2023. However, ESET believes these activities were put on hold following the arrest of a suspect in March 2024. ESET Research first noticed the threat actor targeting clients of prominent Czech banks starting at the end of November 2023. The malware was delivered via short-lived domains impersonating legitimate banking websites or official mobile banking apps available on the Google Play store. These fraudulent domains were identified through the ESET Brand Intelligence Service, which provides monitoring of threats targeting a client’s brand. During the same month, ESET reported the findings to its clients.

The attackers leveraged the potential of progressive web apps (PWAs), as ESET reported in a previous publication, only to later refine their strategies by employing a more sophisticated version of PWAs known as WebAPKs. Eventually, the operation culminated in the deployment of NGate malware.

In March 2024, ESET Research discovered that NGate Android malware became available on the same distribution domains that were previously used to facilitate phishing campaigns delivering malicious PWAs and WebAPKs. After being installed and opened, NGate displays a fake website that asks for the user’s banking information, which is then sent to the attacker’s server.

In addition to its phishing capabilities, NGate malware also comes with a tool called NFCGate, which is misused to relay NFC data between two devices – the device of a victim and the device of the perpetrator.  Some of these features only work on rooted devices; however, in this case, relaying NFC traffic is possible from non-rooted devices as well. NGate also prompts its victims to enter sensitive information like their banking client ID, date of birth, and the PIN code for their banking card. It also asks them to turn on the NFC feature on their smartphones. Then, victims are instructed to place their payment card at the back of their smartphone until the malicious app recognizes the card.

In addition to the technique used by the NGate malware, an attacker with physical access to payment cards can potentially copy and emulate them. This technique could be employed by an attacker attempting to read cards through unattended purses, wallets, backpacks, or smartphone cases that hold cards, particularly in public and crowded places. This scenario, however, is generally limited to making small contactless payments at terminal points.

“Ensuring protection from such complex attacks requires the use of certain proactive steps against tactics like phishing, social engineering, and Android malware. This means checking URLs of websites, downloading apps from official stores, keeping PIN codes secret, using security apps on smartphones, turning off the NFC function when it is not needed, using protective cases, or using virtual cards protected by authentication,” advises Štefanko.

For more technical information about the novel NFC threat, check out the blogpost “NGate Android malware relays NFC traffic to steal cash” on WeLiveSecurity.com. Make sure to follow ESET Research on Twitter (today known as X) for the latest news from ESET Research.

Overview of the attack

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

×