Security experts have recently discovered how to bypass the Apple Activation Lock on the latest versions of iOS, 10.1 and 10.1.1 for iPhones and iPads.
Activation Lock is the lock screen that appears on Apple devices when they have been locked through the Find My iPhone service, typically after being lost or stolen.
When the Find My iPhone service is on, users must enter a password on the Activation Lock screen after connecting the device to the Internet. When an Apple device locked this way is turned on, users can select a WiFi network to connect to.
According to security expert Hemanth Joseph, Apple did not protect the WiFi network name and password input fields (for WPA2 networks) against overly long text entries. The researcher said that after entering long strings in these fields, he was able to trigger a buffer overflow that froze the device's screen.
Hemanth Joseph also explained that by using one of the smart covers Apple sells, he put the device to sleep and then woke it, returning it to the state it was in before the crash. In this case, without any further interaction, the WiFi network and password input form crashed and disappeared after 20-25 seconds, giving the researcher access to the device.
The expert says he tested this bug only on iOS 10.1 and reported it to Apple about two months ago.
Benjamin Kunz-Mejri, a security researcher at Vulnerability Lab, expanded on Joseph's findings and altered the method to bypass the Find My iPhone Activation Lock on the latest iOS version, 10.1.1.
The method Kunz-Mejri used relies on rotating the screen at a certain point in the exploitation scenario and keeping the Home button pressed when the device crashes to the home screen, in order to maintain access to the device.
In addition, the researcher released a video on YouTube walking viewers through the bypass technique on iOS 10.1.1.