CATEGORIES
home News

Security Researchers Break iOS Activation Lock On Apple iPhone And iPad

by Rob WilliamsFriday, December 02, 2016, 01:43 PM EDT

It's no secret that Apple places a high value on customer security and privacy, and the company goes to great lengths to make sure that it's a market-leader in both regards. However, even the most careful companies can be exposed to crippling security vulnerabilities. If software contains a previously unidentified bug or exploit, it just sits there waiting for some enterprising user to spot it. And that's just what happened with Apple's Activation Lock.

When an iPhone or iPad is lost, the user has the ability to enable "Find My iPhone", which can immediately locks the device, requiring correct credentials to regain access. This is useful in case a device gets stolen or is simply found by another person - whatever's on the device will remain safe.

iOS Activation Lock Hack

However, a couple of researchers have just revealed their discoveries about a flaw that affects the Activation Lock, and you might be surprised by just how easy it is to exploit. Even you may be able to do it, by the looks of things.

In order to check online for those correct activation details, Activation Lock requires internet access to function. To do that, the user must first connect to a Wi-Fi hotspot. This is where the exploit comes in. Because there's no character limit for the various fields required, it's easy enough to overload the device with incredibly long names and passwords. Pasting such long strings in effectively crashes the security layer, granting access to the OS.

In the video above, a user types in a bunch of random characters and then copy / pastes them over and over to create a string likely 1,000+ characters long. After hitting enter, and letting the device struggle, a Smart Cover is placed on the iPad, effectively putting it to sleep. When the cover is removed, the iPad will then bug out a little bit, before granting access to the home screen.

This almost seems a little too easy, but likewise, a fix should be relatively simple to implement. Given that most people don't need 1,000+ character limits, that's likely to be reduced to a much more sane number (imagine even typing in 128 legitimate characters - it'd take forever!), thus effectively eliminating the bug (we hope).

Tags:  Mobile, Apple, iPhone, security, Privacy, ipad, ios, (nasdaq: aapl)
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment