Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Iphone IOS Privacy Security Apple

iOS's 'Activation Lock' For Stolen iPads And iPhones Can Be Easily Bypassed (computerworld.com) 54

An anonymous reader quotes ComputerWorld: Two researchers claim to have found a way to bypass the activation lock feature in iOS that's supposed to prevent anyone from using an iPhone or iPad marked as lost by its owner... One of the few things allowed from the activation lock screen is connecting the device to a Wi-Fi network, including manually configuring one. [Security researcher] Hemanth had the idea of trying to crash the service that enforces the lock screen by entering very long strings of characters in the WPA2-Enterprise username and password fields.

The researcher claims that, after awhile, the screen froze, and he used the iPad smart cover sold by Apple to put the tablet to sleep and then reopen it... "After 20-25 seconds the Add Wifi Connection screen crashed to the iPad home screen, thereby bypassing the so-called Find My iPhone Activation Lock," he said in a blog post.

There's also a five-minute video on YouTube which purports to show a newer version of the same attack.
This discussion has been archived. No new comments can be posted.

iOS's 'Activation Lock' For Stolen iPads And iPhones Can Be Easily Bypassed

Comments Filter:
  • by JoeyRox ( 2711699 ) on Saturday December 03, 2016 @10:15PM (#53417947)
    If the lock can be bypassed by crashing the GUI logic that presents the lock then that must mean Apple implemented the lock as a simple flag that triggers a UI view controller, and that once the view controller is dismissed (either normally or by crashing it) the logic doesn't check the flag again thereafter. They should have instead implemented it as something that hashes a critical data structure with the unlock code so that the OS can't run without being unlocked.
    • And background processes?

    • still need to have a call 911 mode on the lock screen for phones.

      • by Anonymous Coward

        You mean something other than the "Emergency" at the bottom left of the password entry screen?

    • Rather than shutting down the whole OS, it should be enough to prevent the rendering of or accepting input for most views while the device is locked. I would have assumed it already worked this way and there was some simple 'AccessibleWhileLocked'-type flag on view controllers. Thus whitelisted screens (lock screen, apple pay, camera, etc) would be available on locked devices, but everything else (home screen included) could be walled off until the device was successfully unlocked.

      Not that I'm surprised; to

    • by cfalcon ( 779563 )

      Should they HAVE to, though?

      Remember, this is for bypassing an "are you the owner of this purged ipad" check. It's not security sensitive- the worst case scenario is that a thief gains access to a fully purged ipad. Your solution would work, but would be a lot of complexity, because as soon as the authenticated user bypasses the lock, the critical stage would have to be undone in some manner- for instance, the critical ciphertext could be replaced with plaintext, creating a potential failure point. Alter

      • You're right, it's not a data security issue since this only affects whether someone can activate a wiped/stolen phone. However it is a physical security issue because the entire reason for implementing this anti-theft mechanism was to stop thieves from stabbing and shooting people for their expensive iPhones/Android devices.
    • by jonwil ( 467024 )

      If Apple can make a locked iPhone running a stock fresh OS install trigger a special lock app like this, they could just as easily make that same bit of "detect lock" code prevent the home screen from working. And the browser. And the app store. And iTunes. And all the other phone functionality.

      Ensure that a locked iPhone cant do anything but display the lock screen no matter how many times you flash it with a new system image.

  • Watch the video (Score:4, Interesting)

    by Anonymous Coward on Saturday December 03, 2016 @10:42PM (#53417999)

    There is no hack. This is a troll and computerworld and slashdot fell for it.

  • by Anonymous Coward

    It's sad that retards at slashdot believed a fake story more than one year old. How's that 'removing fake news' thing going for you amerifags?

    And it doesn't remove any activation locks; just lets you use some applications, and reboot the stolen phone and you are back at the activation lock screen. And if it was possible to access the whole launch screen, still the software would trip at any step of the way. Think you could install a single app?

    To summarize: bravo, slashdot retards. Next thing, UFOs and hidd

  • by YesIAmAScript ( 886271 ) on Sunday December 04, 2016 @01:17AM (#53418431)

    The point of the lock is to make the device less valuable for resale. And this, because it doesn't remove the lock, doesn't invalidate that.

    The device simply flashes the main screen for a moment and then goes right back to the activation required screen.

    Kudos to the guy for finding this. But he didn't bypass the system, the device is still unactivated and from what we see here can't even be used for anything. It certainly can't be resold for anything other than parts.

  • This does not disable the lock or make the device resalable. And the term "easy" shouldn't be used in this context.

Avoid strange women and temporary variables.

Working...