There is a new Activation Lock vulnerability floating around that makes it possible to access a lost iOS device without much technical knowledge.
This includes devices marked as lost through Apple’s Find My iPhone service. The technique is a ‘blunt-force’ method that lets a thief or hacker get past the Activation Lock.
This vulnerability was reported before in iOS 10.1.1 and was supposedly “fixed” by Apple after the company was informed of it, but a variation still works on iOS 10.1.1, as discovered by Vulnerability Lab. The way the exploit works is quite interesting.
- When a device is put in “Lost” mode, it asks for the owner’s Apple ID details before unlocking, but the person in possession of the device (owner or thief) can still connect it to a Wi-Fi network.
- The attacker can select the “Other network” option and then manually enter a network name and password to connect to Wi-Fi.
- If the attacker starts copy-pasting a very large string of text into both fields (10,000 or more characters), the device becomes slow and then freezes completely.
- Once the device freezes, the attacker can put it to sleep using a cover and then remove the cover again to gain access to the home screen.
- Because Apple did not do a very good job of blocking this exploit after iOS 10.1, hackers still use it on iOS 10.1.1, although it now requires them to rotate the device and use the Night Shift feature.
- One simple fix for this exploit would be to limit the number of characters that can be entered in the network name and password fields. Until that arrives, attackers will have the last laugh.
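The fix suggested above is input length bounding. As an added example (not code from the article, from Vulnerability Lab, or from Apple), here is a small Python validator that shows what such bounding looks like when it is done against the limits the Wi-Fi standards themselves define, rather than an arbitrary cap: a hard ceiling rejects oversized pastes before any expensive processing, then the SSID is checked against the 802.11 limit of 32 bytes and the passphrase against the WPA/WPA2 rule of 8 to 63 printable ASCII characters or a 64-hex-digit raw PSK. The constant names, the `WifiInputError` class and the `validate_*`/`check_wifi_credentials` functions are assumptions made for this example.

```python
# Added example: length-bounded validation for a Wi-Fi join form.
# Not the article's or Apple's code; the limits come from the standards:
#   - IEEE 802.11 SSIDs are at most 32 octets (bytes, not characters).
#   - WPA/WPA2 passphrases are 8-63 printable ASCII characters, or exactly
#     64 hexadecimal digits when the raw 256-bit PSK is typed directly.
# Function and constant names below are assumptions made for the example.
from typing import Tuple

MAX_SSID_BYTES = 32
MIN_PASSPHRASE_CHARS = 8
MAX_PASSPHRASE_CHARS = 63
RAW_PSK_HEX_LEN = 64
HEX_DIGITS = set("0123456789abcdefABCDEF")

# Hard ceiling applied before anything else. An input longer than this is
# rejected with one O(1) length check, so an oversized paste never reaches
# the slower work (rendering, lookups) that the article says freezes the UI.
ABSOLUTE_INPUT_CEILING = 256


class WifiInputError(ValueError):
    """Raised when a form field violates a length or character constraint."""


def _check_ceiling(field: str, value: str) -> None:
    """Reject grossly oversized input before any per-character work."""
    if len(value) > ABSOLUTE_INPUT_CEILING:
        raise WifiInputError(
            f"{field}: input exceeds {ABSOLUTE_INPUT_CEILING} characters")


def validate_ssid(ssid: str) -> bytes:
    """Return the SSID encoded as UTF-8, or raise WifiInputError.

    The 802.11 limit is in octets, so a 20-character SSID made of two-byte
    UTF-8 characters (40 bytes) is over the limit even though len() says 20.
    """
    _check_ceiling("ssid", ssid)
    encoded = ssid.encode("utf-8")
    if not encoded:
        raise WifiInputError("ssid: must not be empty")
    if len(encoded) > MAX_SSID_BYTES:
        raise WifiInputError(
            f"ssid: {len(encoded)} bytes exceeds the {MAX_SSID_BYTES}-byte limit")
    return encoded


def validate_passphrase(passphrase: str) -> str:
    """Accept a WPA passphrase (8-63 printable ASCII) or a 64-hex-digit PSK."""
    _check_ceiling("passphrase", passphrase)
    # Raw PSK form: exactly 64 hex digits, normalised to lower case.
    if len(passphrase) == RAW_PSK_HEX_LEN and all(c in HEX_DIGITS for c in passphrase):
        return passphrase.lower()
    if not MIN_PASSPHRASE_CHARS <= len(passphrase) <= MAX_PASSPHRASE_CHARS:
        raise WifiInputError(
            f"passphrase: length must be {MIN_PASSPHRASE_CHARS}-{MAX_PASSPHRASE_CHARS} "
            f"characters or a {RAW_PSK_HEX_LEN}-digit hex PSK")
    # Printable ASCII is 0x20 (space) through 0x7E (~).
    if not all(0x20 <= ord(c) <= 0x7E for c in passphrase):
        raise WifiInputError("passphrase: only printable ASCII characters are allowed")
    return passphrase


def validate_wifi_credentials(ssid: str, passphrase: str) -> dict:
    """Validate both fields; raises WifiInputError on the first violation."""
    return {"ssid": validate_ssid(ssid), "passphrase": validate_passphrase(passphrase)}


def check_wifi_credentials(ssid: str, passphrase: str) -> Tuple[bool, str]:
    """Non-raising wrapper for callers that want (accepted, reason)."""
    try:
        validate_wifi_credentials(ssid, passphrase)
    except WifiInputError as exc:
        return False, str(exc)
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs: a normal join, and the oversized paste
    # the article describes (10,000 characters in each field).
    print(check_wifi_credentials("Office", "correct horse battery"))
    print(check_wifi_credentials("A" * 10000, "B" * 10000))
```

The order of checks is the point: the ceiling runs first and costs one length comparison, so the form never iterates over or lays out a 10,000-character string; the standards-based checks then give the user a precise reason when a realistic-length value is still invalid.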
Check out the proof-of-concept video below and tell us what you think.