Two researchers claim to have found a way to bypass the activation lock feature in iOS that’s supposed to prevent anyone from using an iPhone or iPad marked as lost by its owner.
The first report came Sunday from an Indian security researcher named Hemanth Joseph, who started investigating possible bypasses after being confronted with a locked iPad he acquired from eBay.
The activation lock gets enabled automatically when users turn on the Find My iPhone feature via iCloud. It links the device to their Apple IDs and prevents anyone else from accessing the device without entering the associated password.
One of the few things allowed from the activation lock screen is connecting the device to a Wi-Fi network, including manually configuring one. Hemanth had the idea of trying to crash the service that enforces the lock screen by entering very long strings of characters in the WPA2-Enterprise username and password fields.
The researcher claims that, after awhile, the screen froze, and he used the iPad smart cover sold by Apple to put the tablet to sleep and then reopen it. This is supposed to restore the state of the tablet from where it was left off, in this case, loading the WPA2 screen again with the long strings of characters filled in.
“After 20-25 seconds the Add Wifi Connection screen crashed to the iPad home screen, thereby bypassing the so-called Find My iPhone Activation Lock,” he said in a blog post.
Hemanth said he reported the issue to Apple on Nov. 4, and the company is investigating it. He tested the bypass on iOS 10.1, which was released on October 24.
On Thursday, another researcher named Benjamin Kunz Mejri, from German outfit Vulnerability Lab, posted a video showing the same bypass, but on the newer iOS 10.1.1 version.
Kunz Mejri’s method is similar and also involves overflowing the Add Wi-Fi form fields with long strings of characters but also requires rotating the tablet’s screen in order to trigger the crash after the smart cover trick.
Apple has not yet confirmed that issue and did not immediately respond to a request for comment.