Researchers are warning about a buffer overflow vulnerability in iPads that would an allow an attacker to bypass Apple iOS’ Activation Lock, a feature meant to prevent unauthorized users and thieves from accessing the device’s functionality and user data.
The Activation Lock is triggered when an iPad owner uses Find My iPhone, an app that helps individuals locate and recover their lost or stolen devices. The Activation Lock grants access to the device only after the user connects to the cloud and enters the owner’s AppleID and password.
But independent researcher Hemanth Joseph explained in a blog post late last month that he was able to bypass the security mechanism in iOS version 10.1 by taking advantage of a lack of character limits placed on certain data fields. To accomplish this, he first requested to choose a Wi-Fi network, and then typed long strings of characters into the fields for the network name, user name and user password. Doing so froze the iPad.
Joseph then locked the iPad screen using a magnetic Smart Case and opened it moments later. This sequence of steps crashed the iPad back to the home screen, thus allowing him to bypass the Activation Lock. (This trick did not work on iPhones, however.)
Benjamin Kunz Mejri, security analyst at Vulnerability Lab subsequently posted a new advisory and accompanying video last Thursday, warning that the flaw was not thoroughly fixed in iOS version 10.1.1. According to Mejri, hackers can still bypass the Activation Lock with a few extra steps, including a rotation of the tablet and a quick press of the Home button before the iPad automatically returns to its set-up screen. Apple reportedly has yet to address this issue.