Security Researchers Break iOS Activation Lock On Apple iPhone And iPad
It's no secret that Apple places a high value on customer security and privacy, and the company goes to great lengths to make sure that it's a market leader in both regards. However, even the most careful companies can be exposed to crippling security vulnerabilities. If software contains a previously unidentified bug or exploitable flaw, it just sits there waiting for some enterprising user to spot it. And that's just what happened with Apple's Activation Lock.
When an iPhone or iPad is lost, the user has the ability to enable "Find My iPhone", which immediately locks the device and requires the correct credentials to regain access. This is useful in case a device gets stolen or is simply found by another person - whatever's on the device will remain safe.
However, a couple of researchers have just revealed their discoveries about a flaw that affects the Activation Lock, and you might be surprised by just how easy it is to exploit. Even you may be able to do it, by the looks of things.
Because Activation Lock checks the activation details online, it requires internet access to function, so the user must first connect the device to a Wi-Fi hotspot. This is where the exploit comes in. Because there's no character limit on the various fields in that dialog, it's easy enough to overload the device with incredibly long names and passwords. Pasting such long strings in effectively crashes the security layer, granting access to the OS.
In the video above, a user types in a bunch of random characters and then copies and pastes them over and over to create a string likely 1,000+ characters long. After hitting enter and letting the device struggle, a Smart Cover is placed on the iPad, effectively putting it to sleep. When the cover is removed, the iPad bugs out a little bit before granting access to the home screen.
This almost seems a little too easy, but likewise, a fix should be relatively simple to implement. Given that nobody needs a 1,000+ character Wi-Fi name or password, that limit is likely to be reduced to a much more sane number (imagine even typing in 128 legitimate characters - it'd take forever!), which should effectively eliminate the bug (we hope).
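The kind of length check the article anticipates, as an added illustration that is not Apple's code and is not taken from the researchers' work: the limits come from the 802.11 standard (an SSID is at most 32 octets; a WPA/WPA2 passphrase is 8 to 63 printable ASCII characters, or exactly 64 hex digits for a raw key), and the validator rejects oversized input outright rather than passing it to any UI or network code. The `validate_wifi_credentials` function and the oversized sample inputs are constructed for this example.

```python
import re
from typing import Tuple

# 802.11 limits: SSID <= 32 octets; WPA/WPA2-PSK passphrase 8-63 printable
# ASCII characters, or a raw 256-bit PSK written as 64 hex digits.
SSID_MAX_BYTES = 32
PSK_MIN_CHARS, PSK_MAX_CHARS = 8, 63
_PRINTABLE_ASCII = re.compile(r"^[\x20-\x7e]+$")
_HEX64 = re.compile(r"^[0-9a-fA-F]{64}$")


def check_ssid(ssid: str) -> Tuple[bool, str]:
    """Accept an SSID only if it is non-empty and fits in 32 octets."""
    if not ssid:
        return False, "empty SSID"
    n = len(ssid.encode("utf-8"))  # count bytes, not code points
    if n > SSID_MAX_BYTES:
        return False, f"SSID is {n} bytes, limit is {SSID_MAX_BYTES}"
    return True, "ok"


def check_passphrase(pw: str) -> Tuple[bool, str]:
    """Accept a WPA passphrase (8-63 printable ASCII) or a 64-hex-digit PSK."""
    if _HEX64.match(pw):
        return True, "ok"
    n = len(pw)
    if n < PSK_MIN_CHARS or n > PSK_MAX_CHARS:
        return False, f"passphrase is {n} chars, allowed {PSK_MIN_CHARS}-{PSK_MAX_CHARS}"
    if not _PRINTABLE_ASCII.match(pw):
        return False, "passphrase must be printable ASCII"
    return True, "ok"


def validate_wifi_credentials(ssid: str, pw: str) -> Tuple[bool, str]:
    """Reject bad input before it reaches the join dialog or the Wi-Fi stack."""
    ok, why = check_ssid(ssid)
    if not ok:
        return False, why
    return check_passphrase(pw)


if __name__ == "__main__":
    # Constructed inputs: a normal network and the oversized paste from the video.
    print(validate_wifi_credentials("home-net", "correct horse battery"))
    print(validate_wifi_credentials("x" * 1000, "x" * 1000))
```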