“Apple’s Activation Lock Can be Bypassed on iOS 10.1/10.1.1 Devices”
It is reported that researchers can easily bypass the Activation Lock by a vulnerability in iOS 10.1. An engineering student named Hemant Joseph managed to bypass the Apple’s security activation lock on a second-hand iPad he bought from eBay, and he revealed the details on his blog as well as in a video shared on Google Drive. Almost the same time, researchers at Vulnerability Lab also claimed to discover the bug that can help bypass the Activation Lock launched by Apple’s Find My iPhone feature.
Activation Lock feature is designed to disable stolen iOS devices so that a new user cannot sign into iPhone or iPad when the device is locked. This vulnerability available in iOS 10.1 and 10.1.1 allows hackers to bypass the Activation Lock and enter into the Home screen of the device. In Joseph’s case, he first utilized an extremely long WiFi password to make the iPad crash, and when the WiFi login page crashed, he closed and reopened the iPad smart case to make the device display the original Home screen. His try succeeded because of the loophole that there is no character limit in WiFi login password field. Joseph mentioned that he told Apple on Nov. 4 about this bug, and the company replied that they have fixed the vulnerability in iOS 10.1.1.
However, the researchers in Vulnerability Lab tested the loophole in iOS 10.1.1, and on Thursday a researcher named Benjamin Kunz Mejri posted a video on YouTube and claimed to have found a way to bypass the Activation Lock feature on the newer iOS 10.1.1 version. The video clip showed that he took advantage of screen rotation and Night Shift features to bypass the Activation Lock in a locked iPad.
Currently there is no successful case showing that the Activation Lock in the iPhone running 10.1.1 can be bypassed by this method. Even in iPad devices it requires skills and luck to replicate the success. So far Apple has no comment on the issue yet.
Interested in everything about Apple? Bookmark this tech blog to keep updated.