Another Bug Allows Hackers to Bypass Apple's iOS Activation Lock on iPhone/iPad

Exterminator

Level 85
Thread author
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
A new bug is allowing unauthorized persons to access iPhone and iPads if they follow a certain procedure that doesn't sound too complicated.

Some of you have probably read about a bug that would allow someone to bypass Apple's iOS Activation Lock feature on the iPad and iPhones running iOS 10.

Ironically, using the Find My iPhone service, which allows users to activate Lost Mode on their iOS devices if the device is lost or stolen, makes it easier for someone with knowledge of the matter to bypass that Activation Lock feature that Apple has put in place on its iOS devices.

When a locked device is started, users are usually prompted to connect to a Wi-Fi network, but if you select the “Other Network” and enter a very long string of characters in the username and password fields, you can basically crash the OS, thus exposing the device's homescreen.

Another way of crashing the OS and bypassing the Activation Lock was to close and open the smart case of an iPad repeatedly. Once the crash was triggered, you immediately had access to the homescreen.

The flaw was discovered back in October and immediately patched by Apple in iOS 10.1.1. Unfortunately, the issue seems to have been addressed only partially since researchers at Vulnerability Lab who analyzed the issue found out that it could be reproduced in iOS 10.1.1 as well, SecurityWeek reports.

Apparently, you can now crash the OS using the screen rotation feature and Night Shift mode. Even though that will leave the device exposed for just a second, you can maintain the vulnerability by quickly pressing the power button.

It's the easiest way to get access to the homescreen bypassing Apple's Activation Lock on iPhone or iPad. It's unclear whether or not the issue can be reproduced in the latest iOS 10.2.

 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top