Buffer overflow exploit can bypass Activation Lock on iPads running iOS 10.1.1

Apple logoApple's Activation Lock feature, introduced in iOS 7 in 2013, deters thieves by associating your iPhone and iPad with your Apple ID. Even if a thief steals your device, puts it into Recovery Mode, and completely resets it, the phone or tablet won't work without the original user's Apple ID and password. This makes stolen iDevices less valuable since they become more difficult to resell, and it has significantly reduced iPhone theft in major cities.

The feature has been difficult to crack, but a new exploit disclosed by Vulnerability Lab security analyst Benjamin Kunz Mejri uses a buffer overflow exploit and some iPad-specific bugs to bypass Activation Lock in iOS 10.1.1.

When you're setting up a freshly reset iPad with Activation Lock enabled, the first step is to hit "Choose Another Network" when you're asked to connect to Wi-Fi. Select a security type, and then input a very, very long string of characters into both the network name and network password fields (copying and pasting your increasingly long strings of characters can speed this up a bit). These fields were not intended to process overlong strings of characters, and the iPad will gradually slow down and then freeze as the strings become longer. During one of these freezes, rotate the tablet, close its Smart Cover for a moment, and then re-open the cover. The screen will glitch out for a moment before displaying the Home screen for a split second, at which point a well-timed press of the Home button can apparently bypass Activation Lock entirely (but it will have to be extremely well-timed, since the first-time setup screen will pop back up after a second).

This video shows the exploit in action, and we were able to reproduce it on an iPad Mini 2 running iOS 10.1.1. In our testing, however, we couldn't reproduce the bug on an iPhone 5 running iOS 10.1.1—the first-time setup screens on all iPhone models don't rotate as they do on the iPad, nor can the iPhones be locked with Smart Covers. These screens also wouldn't rotate into landscape mode in iPads running iOS 9, so if you haven't updated yet (or if you're using an older iPad and can't update), you're probably vulnerable to a whole bunch of other security bugs, but it's not possible to make the screen glitch out in the same way.

There could be an alternate form of the exploit that works on iPhones, though as of this writing it only appears to be possible on iPads running iOS 10.1.1. We've contacted Apple for comment and will update if we receive a response.

Source: Ars Technica

Tags: Apple, iOS 10, iPad, security

Comments
Add comment

Your name:
Sign in with:
or
Your comment:


Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party


Last news

 
You can use a security key instead of having a code sent to your phone
 
Adobe says that the AI can now achieve the intended result in seconds
 
A new security protocol replacing the aging WPA2
 
Download and install at your own risk, of course
 
More iPhone parts likely to be produced by Samsung
 
Starting on Friday, video views on YouTube will start to be counted by the Official Charts Company
 
LG has already announced two new V-series members in 2018
 
The method is blocked and the hack doesn’t work, it adds
The Samsung Galaxy A5 (2017) Review
The evolution of the successful smartphone, now with a waterproof body and USB Type-C
February 7, 2017 /
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /
 
 

News Archive

 
 
SuMoTuWeThFrSa
    123
45678910
11121314151617
18192021222324
252627282930 




Poll

Do you use microSD card with your phone?
or leave your own version in comments (11)