Blocking activation present in Apple 's iOS devices, is a tool implemented in iOS 7 inside the package Find My iPhone / Find my iPhone - or Find My iPad / Find my iPad respectively - with excellent results when starting a emergency protocol against theft and / or loss of our iPhone or iPad. Once activated the function, besides blocking the terminals, allows its geolocation, telematic deletion or the emission of an emergency beep. Very useful measures lose their effectiveness when its weakness is demonstrated.
And is that recently and completely randomly has reported a major security failure in both iPad and iPhone on said screen Lock activation. The find was discovered by software researcher Hemanth Joseph, who had just bought an iPad on eBay and was customizing it. When it appeared the lock screen activation, just introduced a long random string of characters in the configuration of your Wi - Fi, producing a bug that jumped the security layer and allowed to access the contents of the iPad.
The activation lock function is intended to prevent third parties such as thieves or simply unauthorized users from accessing a stolen or lost iOS device. When an Apple user reports via Find My iPhone - or Find My iPad in the case of Apple's tablet - the disappearance of your iPad or iPhone, this screen appears automatically on the device, blocking the terminal for the introduction of ID Apple genuine owner, you will have to check.
If anyone wants to access the contents of the iPad or iPhone, you will have to modify these security settings, for this you must enter the relevant credentials. That's when Apple checks the owner's identity with their servers over the internet. This is where the researcher found the vulnerability.
At the time a device is locked, iOS requires such a network connection for verification. Then, simply he pressed on other networks and introduced a long string of random characters to fill in the spaces, which incidentally no limit text input. When this happened, the iPad was not automatically unlocked, Joseph had to lock and unlock his device by placing the cover of the case. To redisplay the screen of your iPad, it was completely unlocked and desktop access.
Apple remedied this important bug with IOS release 10.1.1 in October, but try SecurityWeek have become simply tinkering with the rotation of the screen and activated night mode, as you can see in the video above. Undoubtedly, a very unpromising protection. As you can see, briefly appears the screen with the date and time, but if we press the power button, we stabilize the process and we unblock it completely. This bug is also extensible to iPhone.
So far Apple is already aware of this new security hole and promises to resolve it on the imminent launch of IOS 10.2, still no date.