Apple claims to have the most secure smartphone device and that it is nearly impossible to get into or hack the iOS device. For example, the activation lock in iOS makes it very hard for someone other than the owner to crack open an iPhone or iPad and further set it up as a new device.
However, two bugs have recently been discovered that could allow someone to bypass Apple's activation lock. The bug was found in devices running iOS 10.1 and another on the most current version of the software, iOS 10.1.1.
Hemanth Joseph, a security researcher operating out of Kerala, has identified a bug running in iOS 10.1 version of Apple's operating system.
According to a report from Forbes, Joseph was able to bypass the Activation Lock in a locked iPad by discovering a weakness in the device setup process running iOS 10.1,
How did he do it? Well, when Joseph was asked to select a Wi-Fi network, he chose 'other network' and selected WPA2-enterprise as the type of network to connect to. Now, he had to fill three input fields: name, username and password.
He then proceeded to fill the name and a WPA2-enterprise key in with thousands of characters. He was of the opinion that enough data in those fields would cause the device to freeze, and he was right.
So inevitably the iPad froze and then he locked it by closing Apple's magnetic Smart Cover over the screen. After that, he began to work on making the setup process fail and that it would drop him on the home screen. With a little help from the magnetic catch in Apple's Smart Cover and some practice to perfect the timing, Joseph succeeded. He demonstrated the bypass in a video which was uploaded to Google Drive.
As such, with this method Joseph has bypassed the Activation Lock and has had full access to the iPad. Nonetheless, he has reported the findings to Apple, and his blog has screenshots of email correspondence with the company as well. The bug discovered by Joseph might have been fixed by now.
In another instance, researchers at US-based Vulnerability Lab has also discovered a similar Activation Lock bug in iOS 10.1.1. And like Joseph, the team began by overloading the Wi-Fi setup fields and employed a smart cover.
Similarly, the same thing happened, like what Joseph had demonstrated earlier. The only difference: they rotated the device in their video demo to display the home screen.