Disabling ‘Find My iPhone’ on iOS 7 without any Password: iOS devices have a feature called ‘Find My iPhone’, allows device owner to locate their stolen devices using linked Apple ID with iCloud Account.
Unfortunately, a security flaw in iOS make it possible to turn off Find My iPhone without a password and enabled thieves to bypass the protection which makes the iPhone traceable if lost or stolen.
To Set-Up ‘Find My iPhone’ feature, users need to link their Apple ID with it and this app not only helps in locating the device but gives its user permission to remove all the data, drive direction to the lost device, lock the device by a passcode and displays a custom message on the locked screen.
Normally, disabling Find My iPhone requires Apple ID password, but according to the vulnerability reported by Miguel Alvarado, thief can bypass all of this security without knowing your Apple account’s password.
In a video demonstration on iOS 7, he explained that just by tapping the “Delete Account” in the iCloud settings panel and switch the “Find My iPhone” to off mode simultaneously, one can can easily remove the iCloud account without any password.