Apple Inc. has ensured that no one except the owner of iPhone and iPad is able to unlock their device. However, it looks like two researchers, in separate cases, have found a way inside the device by unlocking the supposedly difficult to unlock devices.
There are two different bugs that will enable someone to break into Apple device by disabling its activation lock. One impacts devices running iOS 10.1, and another on the most current version of the software, iOS 10.1.1, says a report from Forbes.
Bug affecting iOS 10.1 and iOS 10.1.1
First bug was found by Hemanth Joseph, a security researcher from India. Joseph identified a weakness in the iOS device setup process, and tested it on a locked iPad that he purchased from eBay. After the device asked to chose a Wi-Fi Network, Joseph simply selected ‘other network,’ and then filled its name and a WPA2-enterprise key in with thousands of characters.
Joseph did this thinking that enough data in those fields will led the device freeze. He got it right. After freezing the device, Joseph started trying to fail the setup process, which would transport him to the home screen. On a simple push of sleep/wake button, wizard popped up and with the help of magnetic catch in Apple’s smart cover and some practice to perfect the timing, Joseph finally got into the Apple Inc. gadget. He uploaded the video of the same.
Another bug in the iOS 10.1.1 was detected by the researchers at Vulnerability Lab. In a similar action to Joseph, the team started overloading the WiFi setup fields. The difference between Joseph’s technique and that of Vulnerability’s is that the latter rotates the device in their video demo to display the home screen, notes the Forbes report.
Is it a real threat to Apple devices?
In both the cases, the home screen appears for a while and then disappears. Vulnerability Labs founder Benjamin Kunz-Mejri told Security Week that the device kept on working as researchers kept on pushing the sleep/wake button. This calls for a major security threat as someone who slips an iPhone or iPad from the owner can unlock the device and wipe out everything to turn the Apple Inc. device new again. However, the video does not show to what length the home screen can be accessed, and is it even possible to access the reset the home screen, notes Forbes.
The bug which was discovered by Joseph has been fixed now in the iOS update on November 16th. However, the one on the iOS 10.1.1 is still there, and is expected to be fixed with the arrival of the iOS 10.2, which is undergoing beta test as of now.