A Security Researcher Bypasses Activation Lock in an Apple iPad

 

 

 

An India-based security researcher has claimed to have found a weakness in iOS 10.1 that allowed him to bypass the activation lock on a locked Apple iPad.

Hemanth Joseph lives in Kerala and is working as an information security researcher at the firm Slash Secure. He is also serving as commander at Kerala Police Cyberdome.

According to Hemanth, he found the bug in the device setup process running iOS 10.1. When he was asked to choose a Wi-Fi network, he selected ‘other network’ and then WPA2-enterprise as the type of network to connect to. He was then presented with three input fields – name, username and password – to fill. Joseph was surprised to find no character limit in those fields and he was able to type thousands of characters. This led iPad to freeze and now Joseph locked the iPad by closing Apple’s magnetic Smart Cover over the screen. When he re-opened the cover, the iPad was at the same screen, but then it crashed to iOS home screen after a few seconds. Joseph was then able to bypass the activation lock and got full access to the device.

The bug found by Joseph has reportedly been fixed in an iOS update.

Joseph, in the past, had also reported a critical vulnerability in Google Cloud Platform, and was given a bounty of $7500 for it. He was listed in Google’s Hall of fame for finding this vulnerability.