Multiple researchers have discovered a bug in Apple’s Activation Lock feature which could potentially allow attackers to hack an iDevice. The feature allows owners to remotely lock down their iPhone or iPad so that thieves can’t gain access to it if it is stolen.
However, an India-based security researcher named Hemanth Joseph appears to have broken through Apple’s wall of security. He claims to have bought a used iPad via eBay and discovered that Activation Lock was active. He managed to devise a method to crack open the tablet after failing to find a working bypass online.
Firstly, Joseph picked the ‘Choose another network’ option on the Choose a Wi-Fi network page. He then proceeded to tap on Security and type in a string of random characters in the Name, Username and Password fields, none of which have a character limit.
The overflow resulted in the iPad freezing. However, this wasn’t enough to punch a hole through Apple’s defenses. Joseph supposedly used an iPad Smart Cover to do so, claiming that closing the lid on the slate when in a frozen state and opening it up later would lead to the device crashing to the Home screen.
Joseph reported the exploit to Apple, which promised to look into the matter after requesting more information as of November 5. AppleInsider claims the company had resolved the issue with the release of iOS 10.1.1 in October.
Interestingly, another security firm named Vulnerability Labs later recreated the workaround using a combination of iOS screen rotation and Night Shift mode. This only leads to temporary access, though. The time window can apparently be extended by pressing the power button. The firm asserts that the exploit can be performed on an iPhone as well.