Apple designed the activation lock feature for iOS to make it excruciatingly difficult for anyone to gain unauthorized access to an iPad or iPhone and wipe all data to repurpose it as a new device. To be fair, Cupertino did pull off a pretty commendable job, considering that the feature actually makes host devices a lot more secure. However, it is still possible to breach the security put in place by activation lock, courtesy of two annoying (at least for Apple engineers) and potentially dangerous bugs.
One of the bugs, discovered by India-based security researcher Hemanth Joseph, affects iOS 10.1. Apparently, Joseph ordered an unlocked iOS 10.1-powered iPad Air from eBay for a friend in November. But to his surprise, the product delivered to him was actually a locked version.
Relatively new to the iOS platform, Joseph tried scouring the internet for possible methods to unlock a locked iPad Air, but was left disappointed. He then booted up the device again and went through the preliminary setup process until iOS 10.1 took him to the activation lock screen.
When asked to choose a Wi-Fi network, Joseph opted for the “other network” option. In the login credential fields (WPA2 enterprise key fields), he started inserting thousands of characters until the device froze. To ensure that the device didn’t become completely unresponsive, he pressed the lock button, which surprisingly took him straight to the Welcome screen.
Meanwhile, the other bug, discovered by Vulnerability Lab, can be exploited by typing a surfeit of characters into the setup field and with the help of the smart cover trick. It also affects the latest iOS version, iOS 10.1.1.
In both cases, the home screen appears for only a brief period before disappearing. However, according to Benjamin Kunz-Mejri, founder of Vulnerability Lab, access to the home screen can be retained by quickly pressing the sleep/wake button, SecurityWeek reports.