That's... amusingly, also a thing in Chinese marketplaces, for a similar purpose.

iCloud Activation Lock, on non-cellular devices (eg, Wi-Fi only iPads), relies on the device's serial number, Wi-Fi MAC, and Bluetooth MAC addresses as the three identifiers required to clear the Activation Lock check. Via special debug cables (eg, a "DCSD cable") there are ways to write in new SysCfg data to the flash to change those variables. This can also be done to Apple Watches (pre-Series 6) with a special dock also sold on the Chinese market.

You can (sort of easily) get your hands on a "clean" serial/MACs set for under $10-15 or so on the market.

Interesting. I assume this is mostly used to "wash" stolen devices to make them appear legitimate for resale? I'm surprised Apple designed the hardware to allow this without any sort of authentication.