Hemanth Joseph, a final-year mechanical engineering student at Amal Jyothi College of Engineering, Kanjirappally, has found a way to overturn Apple’s highly secure activation lock that appears on an iPhone or iPad lock screen.
“I found out a way to bypass the lock screen when somebody tries to open any of devices, locked by the owner using ‘Find My iPhone’ app,” Joseph said in a statement to the ET.
Joseph had bought an iPad from eBay, but when he received the device, he found that it was locked. Reportedly, he “bypassed the activation lock on the iPad by discovering a weakness in the setup process of the device running iOS 10.1.” During the set-up process, when the device asked him to choose a wifi network, he chose ‘other network’ and selected WPA2-enterprise type network.
In the next field, where one is supposed to enter the name and password of the wifi, Joseph just kept on filling random letters. Apparently, there’s no limit to how many characters you can enter in those fields, and Joseph dumped thousands of letters in there. When he finally clicked “connect”, the device couldn’t handle the information, and the finally crashed. When he turned on the iPad again, it went straight to the home screen.
Joseph explained his process on his blog:
“There was no character limit in those input fields. No one will set a Wi-Fi name with a 10,000-letter name or a password with 10,000 letters so a character limit is important for fixing this bug. […] We can enter as many characters as we like to that field. Perfect for creating an OverFlow.”
Apple is not the first company to come under the radar of Mr Joseph. He has already earned accolades from the top tech companies over the past couple of years by exposing loopholes in their security systems. In fact, he won a $7,500 prize from Google for bringing to light a glitch in their cloud platform.
“Finding software flaws in social networking sites and gadgets has been a passion for Hemanth Joseph. He belongs to the brigade of ethical hackers who help software firms identify chinks in the software system of social networking sites and gadgets and correct them internally,” reports The Indian Express.
Source: ET