The Apple mobile operating system, known as iOS, is not as invulnerable as people may want to believe. A new security leak has been discovered which allows assailants to bypass the activation lock. In doing so, they can gain “remote access” to the iOS device. To make matters worse, this exploit can be used through an average WiFi connection.
New iOS Bug Poses A Significant Risk
Discovering these vulnerabilities usually does not occur by actively looking for it. In fact, this particular bug was discovered by a user who purchased an iPad off eBay, which had a Cloud security lock function enabled. Any device under this security lock can not be used unless the user enters a password. Unfortunately, that is not necessarily the case.
Once the user set up this WiFi connection on the iPad itself, he discovered a way to bypass this iCloud protection measure. As he selected a “different” network, he also entered a long list of different symbols when the login prompt came up. For some reason, this confused the iOS security and allowed him to effectively bypass the activation lock without a password.
To put this into perspective, the vulnerability seems to behave like a standard buffer overflow attack. As the iOS operating system actually locks up and grants full admin access to the user, any security measures put in place can be bypassed without further action. This is not a positive feature for the iOS ecosystem, although Apple has already fixed the flaw in the next version of its OS.
Users owning an Apple device running iOS version 10.1 are susceptible to this exploit, although the new update is expected to be released in the coming weeks. Unfortunately, security firm Vulnerability Lab discovered a way to bypass Apple’s fix, and use a very similar exploit to bypass the activation lock yet again.
Once the login prompt for the different Wifi network shows up, people can enter the same long line of symbols. However, they need to rotate the screen first and put the Smart Cover on the screen for a brief moment. Doing so actually results in the activation lock being bypassed, although it is far less inconspicuous to do so.
For the time being, it remains uncertain which devices are affected by this vulnerability thus far. iPads seem a very likely target, as the exploit was discovered and tested on such a machine. iPhones remain safe from harm by the look of things, although it is still a bit early to tell for sure.
If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.