The iCloud Activation Lock feature of Apple that is designed to disable stolen devices powered by iOS can be bypassed. This can be done by fiddling with the login screen and the smart cover of iPad, letting thieves to wipe all the data from the iPad devices and resell them.
A security blogger from India identified a way to disable the Activation lock. Hemanth Joseph, who describes himself as a “cyber security enthusiast,” uploaded a YouTube video that shows him flooding the Wi-Fi network login screen of an iPad with character inputs and then opening and closing the smart cover of the device.
Doing this will help to take advantage of a security loophole in the Wi-Fi login system of Apple devices. The password field of the Wi-Fi login system seems to have no limits. This means that entering a very long password will cause the system to crash, after which opening and closing the smart cover of the device will cause it to display the home screen. Yes! The home screen – and from there, a thief could reset the device to wipe all the data and sell it.
The Activation lock feature was introduced by Apple in iOS 7. When the feature is working properly, it will need an Apple ID and password to reactivate the device in case the owner loses the device and remotely wipe all the data in the device making use of the Find My iPhone feature.
Joseph wrote in a blog post that he has shared his finding with Apple and they responded that their experts are investigating on his findings. However, Apple representatives did not immediately respond to request for comments about their plans to get rid of this particular vulnerability in Apple devices.
The activation lock feature of Apple devices has been a hacking target before. In 2014, a tool was released by two hackers, which allowed users to connect a bricked iOS device to a computer and make changes to the host files that are residing inside the device. The iPad or iPhone was then tricked to connect to a hacked server to unlock the gadget.