A lock is only good at protecting things if it actually stays locked. The activation lock in iOS, for example, makes it very hard for someone other than the owner to wipe an iPhone or iPad and set it up as a new device. Very hard, but not impossible.
Two different bugs have as of late been found that could permit somebody to sidestep Apple’s enactment bolt. One effects gadgets running iOS 10.1 and another on the most current adaptation of the product, iOS 10.1.1.
The first was found by Hemanth Joseph, a security researcher who works out of Kerala, India. Joseph’s workaround misused a shortcoming in the iOS gadget setup process, and he tried it on a bolted iPad he bought from eBay. At the point when requested that pick a WiFi organize, he just picked ‘other system’ and after that continued to fill its name and a WPA2-undertaking key in with a huge number of characters. His thinking was that enough information in those fields would bring about the gadget to stop, and he was correct.
In the wake of making sense of how to solidify the iPad, he started to chip away at an approach to make the setup procedure fizzle and drop him on the home screen. Squeezing the rest/wake catch just restarted the wizard, however with a little assistance from the attractive catch in Apple’s Smart Cover and some practice to culminate the planning, Joseph succeeded. He showed the sidestep in a video uploaded to Google Drive.
Researchers at Vulnerability Lab discovered the iOS 10.1.1 bug. Like Joseph, the team began by overloading the WiFi setup fields and employed a smart cover. There’s one minor difference: they rotate the device in their video demo to display the home screen.
In both cases, the home screen only appears for an instant and then it’s gone. Vulnerability Labs founder Benjamin Kunz-Mejri told Security Week that pressing the sleep/wake button quickly allowed his team to keep it open. The danger, of course, is that a criminal who can replicate the attack could wipe a stolen iPhone or iPad and set it up as a new device. It’s not clear from the videos, however, whether the home screen that appeared is fully functional and it’s even possible to access the reset screen.
The bug discovered by Joseph was reportedly fixed in an iOS update on November 16. The second appears to be unpatched, though that could change with the arrival of iOS 10.2 which is currently being beta tested.