Researcher in Kerala Bypasses Apple’s iOS Activation Lock

Hemanth Joseph, a security researcher from the Indian state of Kerala, has documented how he managed to bypass Apple’s iOS Activation Lock. He says he stumbled across the bug while trying to bypass Activation Lock on an iPad he purchased from eBay.

Joseph discovered a method of crashing the security software layer by entering an excessively long string of characters in the iPad’s Wi-Fi setup text fields. Activation Lock was designed and deployed with iOS 7 to prevent thieves or other unauthorized users from accessing a stolen or lost iOS device.

Enabled automatically when Find My iPhone is activated, the system stores an owner’s Apple ID on an offsite activation server for later verification. Once enabled, any user wishing to gain device access, turn off Find My iPhone, erase the device or reactivate it must input the correct credentials. Since the deactivation process cross-checks Apple ID and password information with Apple’s servers, an internet connection must first be established.

This is where Joseph discovered a workaround of sorts. When a locked device is turned on, iOS will prompt a user to connect to a nearby Wi-Fi network. Joseph was able to create an overflow error in the Activation Lock layer by selecting “Other Network” and entering a long string of text in the “Name,” “Username” and “Password” fields, each of which contains no character limit.

A single overflow error, which freezes iOS, is apparently not enough to bypass Activation Lock. However, Joseph was able to crash the security app layer completely by closing and opening the iPad’s Smart Cover, which in turn granted him access to the device home screen.

Apple did fix Joseph’s Activation Lock bypass with the release of iOS 10.1.1 in October. However, another news report suggests that researchers at Vulnerability Labs were able to recreate the exploit using iOS screen rotation and Night Shift mode.

In the proof of concept video above, the bypass variant only allows home screen access for a brief moment, but Vulnerability Labs founder Benjamin Kunz-Mejri said that time window can be extended by quickly pressing the power button. Further, Kunz-Mejri claims the Activation Lock workaround also works on iPhone.

Whether Apple is aware of the bypass and subsequently closed the security hole in its upcoming iOS 10.2 release is unknown at this time.