Apple's Activation Lock Isn't Really Secured, Researchers Revealed

By Precious Gem de Peralta
iOS 10
Security researchers have discovered bug in iOS 10.1 and iOS 10.1.1 that allowed anyone to bypass the activation lock of the iOS device. The vulnerability in the iOS 10.1 was already patched on Nov. 16 while the upcoming iOS 10.2 update will resolve the issue in the iOS 10.1.1. iPhoneDigital / Flickr

Though iOS devices are more secure than Android devices, researchers have recently discovered bugs in two current versions of iOS 10. They have found out that someone else can bypass the activation lock of your iPhone or iPad other than yourself. Two separate security researchers have explained how it is possible.

According to Forbes, security researcher Hemanth Joseph from Kerala, India was able to exploit a vulnerability in the iOS device setup process. He purchased a locked iPad from eBay. Joseph explained how he did it on his website. He also has uploaded a video of the demonstration in Google Drive.

The purpose of the Activation Lock is to prevent anyone from accessing your iOS device. Those who attempt to do this is required to input the username and password of the owner's iCloud account. They wouldn't be able to unlock it unless they filled those details correctly. Naturally, there will be no use of the device for them.

Joseph shared that he chose "other network" when he was prompted to instead of selecting those that are mentioned. He filled the name and as well as the WPA2-enterprise key. Now, the latter field is instrumental. He out thousands of characters. This caused the iPad to freeze. He eventually succeeded in making the setup process fail and access the home screen. Joseph had to use both sleep/wake button and magnetic catch in Apple's Smart Cover.

The timing is also crucial to achieving this. He said that he reported this to Apple back on Nov. 4. The next day, he got a reply that asked for further details about his exploit. He immediately mailed them back with additional information. By Nov. 16, Apple has issued a security update that fixed this flaw in iOS devices.

The bug in the iOS 10.1.1 was discovered by researchers at Vulnerability Lab. The process they went through was almost similar to what Joseph did. They had overloaded the WiFi setup fields and utilized the smart cover. Both have made the home screen appear for a moment until it disappears. The lab's founder Benjamin Kunz-Mejri said to Security Week that they also quickly pressed the sleep/wake button to keep the device open.

Though both security researchers acted with good intentions, it is possible that cybercriminals could do the same thing for a whole different purpose. Forbes also pointed out that they did not specify if the home screen that appeared works. Apple is yet to patch the flaw in the iOS 10.1.1. However, the iOS 10.2 is already in its beta stage. This vulnerability might have been resolved once it becomes available for consumers.

  • ‘Wang Mingdao’s Diary’ reproduction highlights complexities of contemporary Chinese Christianity

    On December 9, the China Graduate School of Theology (中国神学研究院) hosted a public lecture titled “A Courageous Witness in the Times—Launch of Wang Mingdao (王明道)’s Diary.” The lecture, themed “Faith Patterns in Beijing’s Christian Churches Through the Lens of Wang Mingdao’s Diary,” featured Dr. Ni Buxiao (倪步晓), Associate Director and Assistant Professor at the Christian Faith and Chinese Culture Research Center of Alliance Bible Seminary (建道神学院), as the keynote speaker.

  • Floating library ‘Doulos Hope’ arrives in Taiwan; spreading love and hope from a former cruise ship

    Doulos Hope, the international floating book fair ship, has returned to Taiwan and is now docked at Kaohsiung Port, open to the public from December 18, 2024, to January 12, 2025. Originally built in 1991 and renovated in 2022, the ship features over 2,000 books on various topics, including faith, science, and art. It is operated by a diverse crew of 140 volunteers from 25 countries, offering services such as education, healthcare, and community outreach. The ship's mission is to spread hope and

  • Chinese Online School of Theology publishes annual ministry report: Expanding Chinese theological education through new strategies

    In the 2023-2024 academic year, New York-based Chinese Online School of Theology (COST) has seen significant development in expanding its ministry in theological education and mission outreach. They have promoted a series of new events and projects to explore different strategies that expand theological education for Chinese ministers. The following are some highlights from the 2023-2024 annual report:

  • Dr. Fenggang Yang: How foreign forces transformed traditional Chinese legal systems

    In a recent lecture to Chinese Christians, scholar Dr. Fenggang Yang (杨凤岗) gave an in-depth analysis of the historical evolution and contemporary significance of the modern legal system in Chinese society. He explored the tensions and integrations between traditional law and modern rule of law, highlighting the distinctive characteristics of China’s traditional legal system and emphasizing the role of foreign influences in introducing modern legal practices into Chinese society.

Top Stories