Your IT Consultant

Overflow Exploit Bypasses Locked iPhones

December 5, 2016

Another day…another bug. This one impacts Apple devices running iOS 10.1.1. The exploit discovered by Vulnerability Lab security analyst Benjamin Kunz Mejri uses a buffer overflow exploit and some iPad-specific bugs to bypass Activation Lock in iOS 10.1.1. According to a report in ars technica, "When you're setting up a freshly reset iPad with Activation Lock enabled, the first step is to hit "Choose Another Network" when you're asked to connect to Wi-Fi. Select a security type, and then input a very, very long string of characters into both the network name and network password fields (copying and pasting your increasingly long strings of characters can speed this up a bit). These fields were not intended to process overlong strings of characters, and the iPad will gradually slow down and then freeze as the strings become longer. During one of these freezes, rotate the tablet, close its Smart Cover for a moment, and then re-open the cover. The screen will glitch out for a moment before displaying the Home screen for a split second, at which point a well-timed press of the Home button can apparently bypass Activation Lock entirely (but it will have to be extremely well-timed, since the first-time setup screen will pop back up after a second)."

E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.linkedin.com/in/johnsimek
http://www.senseient.com