An Engineering student has managed to bypass Apple’s secured anti-theft Activation Lock feature on iOS devices such as iPhone, iPad, and iPod Touch. Hemanth Joseph is a final-year mechanical engineering student in Kochi, India who successfully managed to bypass Apple’s Activation Lock. Joseph had previously been rewarded by Google $7500 for disclosing a bug in Google’s Cloud platform.
When the iOS device is locked with “Find my iPhone” app, Joseph can bypass the iCloud Activation lock with a simple trick. He took advantage of the lack of character limit in the available input fields on the lock screen to crash the Activation Lock software and got access to the Home screen.
In a blog post, Joseph revealed the exact steps he took to bypass iCloud Activation Lock on an iPad Air that his friend bought from eBay. TheiPad turned out to be iCloud Locked. When the devices prompted for the iCloud username and password to which the device is attached, he used an unlimited input field to his advantage to crash the Activation Lock layer. After creating a character overflow situation, the iPad froze, this is when he locked the device using Smart cover and then removed the cover to see the Home screen.
Any iPhone or iPad running iOS 10.1.1 is vulnerable to Joseph’s discovery. However,he has already informed Apple about it in early November. It is highly likely that Apple will introduce a fix with upcoming iOS 10.2 software update which is currently at beta 5 stage.