Motherboard's Joseph Cox and Jason Koebler found that iCloud users are vulnerable to a practice which removes a user's iCloud account from a phone so that it can then be resold.
This is done by phishing the phone's original owners, or by scamming employees at Apple Stores, which have the ability to override iCloud locks.
The other method, which is very labour-intensive and rare, involves removing the iPhone's CPU from the logic board and reprogramming it to create what is essentially a "new" device.
Apparently, this is done in Chinese refurbishing labs and involves stealing a "clean" phone identification number called an IMEI.
Making matters more complicated is the fact that not all iCloud-locked phones are stolen devices -- some of them are phones that are returned to telecom companies as part of phone upgrade and insurance programmes.
Legitimately obtained, iCloud-locked iPhones help supply the independent phone repair industry with replacement parts that cannot be obtained directly from Apple.
But naturally, repair companies know that a phone is worth more unlocked than it is locked, and so some of them have waded into the hacking underground to become customers of illegal iCloud unlocking companies.
In practice, "iCloud unlock," as it's often called, is a scheme that involves a complex supply chain of different scams and cybercriminals.
These include using fake receipts and invoices to trick Apple into believing the scammer is the legitimate owner of the phone, using databases that look up information on iPhones, and social engineering at Apple Stores.
There are even custom phishing kits for sale online designed to steal iCloud passwords from a phone's original owner.
There are many listings on eBay, Craigslist, and wholesale sites for phones billed as "iCloud-locked," or "for parts" or something similar. While some of these phones are certainly stolen, many of them are not.
According to three professionals in the independent repair and iPhone refurbishing businesses, used iPhones -- including some iCloud-locked devices -- are sold in bulk at private "carrier auctions" where companies like T-Mobile, Verizon, Sprint, AT&T, and cell phone insurance providers sell their excess inventory, often through third-party processing companies.