We mentioned before that the ICCID activation bug can factory unlock any iPhone with a turbo SIM. The device will then continue to work, without the R-SIM, using any network’s SIM card.
iPhone and iPad owners are used to hearing about iOS vulnerabilities but are also used to them being discovered by security researchers and used for the purposes of trying to find a route into the device for jailbreak purposes.
It’s rare – at least in the modern world of iOS – to have something like this discovered that is uniquely related to unlocking the device and ensuring that a factory locked iPhone can be used on any network without having to ask Apple or the carrier it is locked to to intervene.
The process appears to be as follows. There’s a chance that Apple might patch this in future, but as of right now, it’s working as intended:
Note: You will of course need an R-SIM for this to work. You can get it from here.
Step 1 Insert an unsupported SIM with the R-SIM into a locked iPhone.
Step 2 Launch Phone app and type *5005*7672*99# and then tap edit ICCID.
Step 3 Type 8901-4104-2778-0604-3133.
Step 4 Restart the device and follow the setup.
Step 5 Once back at Home screen, remove the R-SIM and just use the previously unsupported SIM card.
That's it. Changing the ICCID leverages a vulnerability that unlocks the device for use with any SIM card. It has been pointed out that this isn’t entirely permanent: the device will be put back to being factory locked if a hard reboot or reset is performed on it.
However, you can go through the process of an OTA firmware update without the unlock being taken away. If you do a full restore through iTunes or 3uTools, then the unlock is removed and the hard work is undone, so to speak.
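An ICCID is meant to identify one physical SIM, so the same value reported by several handsets is something a carrier or device-fleet administrator can look for. The check below is an added example, not part of the original article: it assumes a hypothetical activation log of (device, ICCID) pairs, and every sample row is constructed here except the ICCID quoted in Step 3.

```python
import re
from collections import defaultdict

# Constructed sample log (hypothetical format): (device label, ICCID as reported).
# Only the first ICCID value comes from the article (Step 3); the rest are made up.
SAMPLE_RECORDS = [
    ("device-A", "8901-4104-2778-0604-3133"),
    ("device-B", "89014104277806043133"),
    ("device-C", "8901 4104 2778 0604 3133"),
    ("device-A", "89014104277806043133"),      # repeat from the same device
    ("device-D", "8900 0000 0000 0000 0004"),  # unique, Luhn-valid
    ("device-E", "8900 0000 0000 0000 0005"),  # bad check digit
]

def normalize_iccid(raw):
    """Strip separators; return the digits, or None if not a plausible ICCID."""
    digits = re.sub(r"[\s-]", "", raw)
    # Assumption of this example: 19 or 20 digits, starting with telecom prefix 89.
    if not re.fullmatch(r"89\d{17,18}", digits):
        return None
    return digits

def luhn_valid(digits):
    """Luhn check over the whole number, check digit included."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_shared_iccids(records):
    """Return ({iccid: devices} for ICCIDs seen on 2+ devices, rejected rows)."""
    seen, rejected = defaultdict(set), []
    for device, raw in records:
        iccid = normalize_iccid(raw)
        if iccid is None or not luhn_valid(iccid):
            rejected.append((device, raw))
            continue
        seen[iccid].add(device)
    shared = {i: sorted(d) for i, d in seen.items() if len(d) > 1}
    return shared, rejected

if __name__ == "__main__":
    shared, rejected = find_shared_iccids(SAMPLE_RECORDS)
    for iccid, devices in shared.items():
        print(f"ICCID {iccid} reported by {len(devices)} devices: {devices}")
    for device, raw in rejected:
        print(f"rejected malformed ICCID from {device}: {raw}")
```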
Source: Redmond Pie