Bug discovered that bypasses Activation Lock on the iPhone and iPad!


The researcher Joseph Hemanth has found a way to bypass Apple's Activation Lock on the iPhone and iPad by exploiting a previously unknown bug.

The researcher documented the vulnerability, which came to light while trying to remove the lock from an iPad bought on eBay: in practice, Joseph entered a very long string of characters into the Wi-Fi configuration fields to get past the security mechanism Apple put in place.

Activation Lock was introduced by Apple in iOS 7 to prevent thieves or unauthorized users from accessing a lost or stolen iOS device. The feature is enabled automatically when Find My iPhone is turned on, and in practice it prevents a device from being activated again after a reset unless you know the password of the Apple ID originally tied to that device.

Because removing the lock involves checking the Apple ID and password against Apple's server, an internet connection must first be established, and this is where the bug found by Joseph comes into play: when a "locked" device is turned on, iOS asks the user to connect to a nearby Wi-Fi network. The researcher was able to trigger an overflow error in the Activation Lock layer by selecting "Other network" and entering a long text string into the "Name", "Username" and "Password" fields, none of which limit the number of characters that can be entered. The overflow on its own only freezes iOS, which is not enough to bypass the activation lock. However, Joseph was able to crash the entire security layer by closing and reopening the iPad's Smart Cover, which in turn granted access to the device's home screen.

The same exploit can be reproduced without the Smart Cover, and therefore also on the iPhone, by using screen rotation and Night Shift mode instead.

Apple has already been informed of the bug, which will probably be fixed in iOS 10.2.