views
An engineering student named Hemanth Joseph, based out of Kerala, has discovered a route that bypasses Apple's highly-acclaimed activation lock that enables the owner to lock the device and prevent unauthorised access to their iPhone, iPod Touch, iPad or the Apple watch if it is lost or stolen.
The security researcher has identified a bug running in iOS 10.1 version of Apple's operating system that allowed him to bypass the activation lock on an iPad. The activation lock is highly-acclaimed in Apple's iPhone or iPad is hard for someone other than owner of the device to hack and set it up as a new device.
When Joseph was asked to select a Wi-Fi network, he chose 'other network' and selected WPA2-enterprise as the type of network to connect to, that gave him three input fields to fill -- name, username and password.
Upon testing, he came to know that there is no character restriction in those fields and he typed thousands of characters than iOS can handle, expecting that it would cause the software to crash.
This caused the iPad to freeze and then he locked it by closing Apple's magnetic Smart Cover over the screen. After opening the cover, the device was at the same screen, but as few seconds passed by, it crashed to iOS home screen. This made Joseph bypassed the activation lock and to have full access to the iPad.
The bug discovered by Joseph was reportedly fixed in an iOS update last month.
According to Joseph's website, he is currently working as information security researcher at the firm Slash Secure and also serving as commander at Kerala Police Cyberdome. He is also the founder of India's first open security community for students called 0SecCon (www.0SecCon.com).
Joseph has been listed Google's Hall of fame and received a bounty of $7500 for reporting a critical vulnerability in Google Cloud Platform.
Comments
0 comment