Indian researcher break iPhone, iPad activation lock

New York: An Indian security researcher has discovered a bug that could allow someone to bypass Apple’s activation lock in its iOS 10.1 version, according to a media report today.

Hemanth Joseph, who works out of Kerala exploited a weakness in the iOS device setup process. He then tested it on a locked iPad he purchased online.

When asked to choose a WiFi network, he simply chose ‘other network’ and then proceeded to fill its name and a WPA2-enterprise key in with thousands of characters. His thought was that enough data in those fields would cause the device to freeze, and he was right, the Forbes reported.

After figuring out how to freeze the iPad, he began to work on a way to make the setup process fail and drop him on the home screen.

Pressing the sleep/wake button merely restarted the wizard, but with a little help from the magnetic catch in Apple’s Smart Cover and some practice to perfect the timing, Joseph succeeded. He demonstrated the bypass in a video uploaded to Google Drive, the report said.

Researchers at US-based Vulnerability Lab had earlier discovered another bug, the iOS 10.1.1. Like Joseph, the team began by overloading the WiFi setup fields and employed a smart cover. There’s one minor difference: they rotate the device in their video demo to display the home screen.

After figuring out how to freeze the iPad, he began to work on a way to make the setup process fail and drop him on the home screen.

The bug discovered by Joseph was reportedly fixed in an iOS update last month.

PTI