Vulnerability allows malicious parties to bypass iOS Activation Lock
There seems to be a vulnerability in iOS that makes it possible to use devices that are locked remotely. A security researcher discovered a way to bypass the lock through Wi-Fi functionality.
The method was discovered by Hemanth Josep, who bought an iPad on eBay that turned out to have a remote lock set through iCloud. The website Redmond Pie reports this, based on a video that Josep posted online. Normally, once the lock has been activated, an iOS device stays locked until the password is entered. Users do still have the option to connect to a Wi-Fi network.
It was precisely when setting up Wi-Fi that Josep found a way to circumvent the iCloud security: he selected another network and entered very long strings of characters as the login details. As a result, the security appears to crash and the iOS device can still be used despite the lock. That suggests some sort of buffer overflow is causing the problem.
The method works on iOS 10.1, but is said to have been fixed by Apple in iOS 10.1.1. However, security firm Vulnerability Lab found a way to make the hack work again: by rotating the screen after entering the long strings of characters and briefly placing the Smart Cover on the screen, the lock can still be bypassed. It is likely that Apple will soon patch this method as well.
It is still unclear whether the presented method of bypassing the iCloud lock works on all iOS devices. The hack has been replicated on several iPad models, but some people reported that they had no success on their iPhone.