Buffer overflow exploit can bypass Activation Lock on iPads running iOS 10.1.1

Apple's Activation Lock feature, introduced in iOS 7 in 2013, deters thieves by associating your iPhone and iPad with your Apple ID. Even if a thief steals your device, puts it into Recovery Mode, and completely resets it, the phone or tablet won't work without the original user's Apple ID and password. This makes stolen iDevices less valuable since they become more difficult to resell, and it has significantly reduced iPhone theft in major cities.

The feature has been difficult to crack, but a new exploit disclosed by Vulnerability Lab security analyst Benjamin Kunz Mejri uses a buffer overflow exploit and some iPad-specific bugs to bypass Activation Lock in iOS 10.1.1.

When you're setting up a freshly reset iPad with Activation Lock enabled, the first step is to hit "Choose Another Network" when you're asked to connect to Wi-Fi. Select a security type, and then input a very, very long string of characters into both the network name and network password fields (copying and pasting your increasingly long strings of characters can speed this up a bit). These fields were not intended to process overlong strings of characters, and the iPad will gradually slow down and then freeze as the strings become longer. During one of these freezes, rotate the tablet, close its Smart Cover for a moment, and then re-open the cover. The screen will glitch out for a moment before displaying the Home screen for a split second, at which point a well-timed press of the Home button can apparently bypass Activation Lock entirely (but it will have to be extremely well-timed, since the first-time setup screen will pop back up after a second).
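On the defensive side, both fields have hard protocol limits that a setup screen can enforce before any further processing. The C sketch below is an added example, not Apple's code or its fix; the function names are hypothetical, and the limits assumed are the standard ones (an 802.11 SSID is at most 32 octets, and a WPA2-Personal passphrase is 8 to 63 printable ASCII characters or exactly 64 hex digits).

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define SSID_MAX_OCTETS 32   /* IEEE 802.11 SSID element limit */
#define PSK_MIN_CHARS    8   /* WPA2-Personal passphrase minimum */
#define PSK_MAX_CHARS   63   /* WPA2-Personal passphrase maximum */
#define PSK_HEX_DIGITS  64   /* raw 256-bit key written as hex digits */

enum field_status { FIELD_OK = 0, FIELD_EMPTY, FIELD_TOO_SHORT,
                    FIELD_TOO_LONG, FIELD_BAD_CHAR };

/* Length of s, capped at limit + 1: an overlong paste costs O(limit)
 * work instead of a scan over the whole input. */
static size_t capped_len(const char *s, size_t limit)
{
    const char *end = memchr(s, '\0', limit + 1);
    return end ? (size_t)(end - s) : limit + 1;
}

/* Network name: 1..32 octets. Counted in bytes, not characters, so a
 * multi-byte UTF-8 name is measured the way it is sent on air. */
enum field_status check_ssid(const char *ssid)
{
    size_t n = capped_len(ssid, SSID_MAX_OCTETS);
    if (n == 0) return FIELD_EMPTY;
    if (n > SSID_MAX_OCTETS) return FIELD_TOO_LONG;
    return FIELD_OK;
}

/* Password: 8..63 printable ASCII characters, or exactly 64 hex digits. */
enum field_status check_wpa2_passphrase(const char *pw)
{
    size_t n = capped_len(pw, PSK_HEX_DIGITS);
    if (n == 0) return FIELD_EMPTY;
    if (n < PSK_MIN_CHARS) return FIELD_TOO_SHORT;
    if (n > PSK_HEX_DIGITS) return FIELD_TOO_LONG;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)pw[i];
        if (n == PSK_HEX_DIGITS ? !isxdigit(c) : (c < 0x20 || c > 0x7e))
            return FIELD_BAD_CHAR;
    }
    return FIELD_OK;
}
```

Rejecting input at these limits in the text field itself, rather than after the user taps Join, keeps pasted strings from ever growing past a few dozen bytes.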

This video shows the exploit in action, and we were able to reproduce it on an iPad Mini 2 running iOS 10.1.1. In our testing, however, we couldn't reproduce the bug on an iPhone 5 running iOS 10.1.1—the first-time setup screens on all iPhone models don't rotate as they do on the iPad, nor can the iPhones be locked with Smart Covers. These screens also wouldn't rotate into landscape mode in iPads running iOS 9, so if you haven't updated yet (or if you're using an older iPad and can't update), you're probably vulnerable to a whole bunch of other security bugs, but it's not possible to make the screen glitch out in the same way.

There could be an alternate form of the exploit that works on iPhones, though as of this writing it only appears to be possible on iPads running iOS 10.1.1. We've contacted Apple for comment and will update if we receive a response.

Source: Ars Technica

Tags: Apple, iOS 10, iPad, security
