Slashdot Mirror


iOS's 'Activation Lock' For Stolen iPads And iPhones Can Be Easily Bypassed (computerworld.com)

An anonymous reader quotes ComputerWorld: Two researchers claim to have found a way to bypass the activation lock feature in iOS that's supposed to prevent anyone from using an iPhone or iPad marked as lost by its owner... One of the few things allowed from the activation lock screen is connecting the device to a Wi-Fi network, including manually configuring one. [Security researcher] Hemanth had the idea of trying to crash the service that enforces the lock screen by entering very long strings of characters in the WPA2-Enterprise username and password fields.

The researcher claims that, after a while, the screen froze, and he used the iPad smart cover sold by Apple to put the tablet to sleep and then reopen it... "After 20-25 seconds the Add Wifi Connection screen crashed to the iPad home screen, thereby bypassing the so-called Find My iPhone Activation Lock," he said in a blog post.

There's also a five-minute video on YouTube which purports to show a newer version of the same attack.

54 comments

  1. Inaccurate Info by Anonymous Coward · · Score: 0

    iPhones are not included in this as they do not do landscape mode during the activation lock screen as iPads do.

    1. Re: Inaccurate Info by Anonymous Coward · · Score: 0

      Fanboi! Android is the best

    2. Re:Inaccurate Info by flyingfsck · · Score: 0

      My iPhone unlocked and dialed someone while in a little bag in my pocket, while cycling a couple days ago. So I have no idea what happened, but it proved that the lock is not secure.

      --
      Excuse me, but please get off my Pennisetum Clandestinum, eh!
    3. Re:Inaccurate Info by CaptainDork · · Score: 1

      This happened to my wife the other day. She uses a leather wallet case. I suspect she unintentionally launched Siri.

      Right here at my desk, I said, "Hey Siri ... call Sarah."

      The 5s is at the lock screen and said, "OK, calling Sarah."

      My wife answered her phone.

      I often wake Siri up during casual conversation.

      --
      It little behooves the best of us to comment on the rest of us.
    4. Re:Inaccurate Info by RhettLivingston · · Score: 4, Informative

      The article is not talking about that lock. It is talking about the lock that is placed on your device when you mark it as lost.

    5. Re: Inaccurate Info by Anonymous Coward · · Score: 0

      Over 1 million android phones infected recently, Samsung phones burning, no find my android phone, and still no seamless patching like iOS. I'll stick with iOS.

    6. Re:Inaccurate Info by Anonymous Coward · · Score: 0

      It's just as well if criminals can get past that lock, because the current scenario makes iPhone thefts much more violent: now, the thief holds the iPhone owner at gunpoint while they disable iCloud and wipe the device, while before, they just took the device and ran.

    7. Re: Inaccurate Info by Anonymous Coward · · Score: 0

      https://findmymobile.samsung.com/

    8. Re: Inaccurate Info by sheramil · · Score: 1

      Over 1 million android phones infected recently, Samsung phones burning, no find my android phone, and still no seamless patching like iOS. I'll stick with iOS.

      Wait.. you're dumping on android because you lost yours? You've got bigger problems, son.

    9. Re: Inaccurate Info by Anonymous Coward · · Score: 0

      Android is the worst

      Fixed that for you.

    10. Re: Inaccurate Info by Anonymous Coward · · Score: 0

      https://findmymobile.samsung.com/

      Doesn't work on my piece of shit LG, Motorola, Google phone.

      Find My iPhone works on 100% of iOS and macOS devices.

    11. Re: Inaccurate Info by Anonymous Coward · · Score: 0

      Google's Device manager (initially released for Google Apps only) actually predates Apple's offering considerably.

    12. Re: Inaccurate Info by lxs · · Score: 1

      Doesn't work on my AppleTV 2.

    13. Re: Inaccurate Info by brantondaveperson · · Score: 1

      Touché

    14. Re:Inaccurate Info by Anonymous Coward · · Score: 0

      Makes sense, though I'm hearing about this only now. Gah, people can be awful.

    15. Re: Inaccurate Info by Anonymous Coward · · Score: 0

      Your parents are pieces of shit for needlessly lying or just being ignorant.

      http://www.android.com/devicemanager

      That's every single Android device out there. Now if you want Apple to track and sell your personal info via their ad system without informed consent, then that's on you.

    16. Re: Inaccurate Info by kav2k · · Score: 2

      Have you tried googling "find my phone" while logged in to the same Google account as the phone?

    17. Re:Inaccurate Info by Anonymous Coward · · Score: 0

      Well, so a criminal (or police) can steal your phone, put it in his pants pocket and cycle off. After a while, the phone will beep and be unlocked, then he can change the code...

    18. Re: Inaccurate Info by mr100percent · · Score: 1

      Citation needed. Has this been reported anywhere?

    19. Re: Inaccurate Info by Anonymous Coward · · Score: 0

      So you are saying this mechanism does NOT bypass the activation lock?

    20. Re: Inaccurate Info by Anonymous Coward · · Score: 0

      People don't buy 100% of phones, they buy one. An informed buyer buys the one that has the features they want - that's how capitalism works.

      Most people who buy apple products are leftists who either don't understand capitalism, or who believe the indoctrination they received against it. That might also explain why Apple products are made as simple as possible. Indoctrination is moderated by really thinking.

  2. Lose by Anonymous Coward · · Score: 0

    and you snooze.

    No. Wait. Snooze and you lose? Howzatgo?

    1. Re:Lose by Anonymous Coward · · Score: 0

      With Jooze You Looze

  3. Lock implementation sounds like a simple flag by JoeyRox · · Score: 4, Insightful

    If the lock can be bypassed by crashing the GUI logic that presents the lock then that must mean Apple implemented the lock as a simple flag that triggers a UI view controller, and that once the view controller is dismissed (either normally or by crashing it) the logic doesn't check the flag again thereafter. They should have instead implemented it as something that hashes a critical data structure with the unlock code so that the OS can't run without being unlocked.

    1. Re:Lock implementation sounds like a simple flag by CaptainDork · · Score: 1

      And background processes?

      --
      It little behooves the best of us to comment on the rest of us.
    2. Re:Lock implementation sounds like a simple flag by Anonymous Coward · · Score: 0

      The activation lock is enabled on a stock iOS device with a fresh restore of the OS. You can't have something uniquely cryptographically encrypted when it's been restored from a generic disk image.

    3. Re:Lock implementation sounds like a simple flag by JoeyRox · · Score: 1

      The logic encrypted by the lock could be limited to something essential only for the GUI.

    4. Re:Lock implementation sounds like a simple flag by CaptainDork · · Score: 1

      Sounds logical.

      --
      It little behooves the best of us to comment on the rest of us.
    5. Re:Lock implementation sounds like a simple flag by pushing-robot · · Score: 1

      Rather than shutting down the whole OS, it should be enough to prevent the rendering of or accepting input for most views while the device is locked. I would have assumed it already worked this way and there was some simple 'AccessibleWhileLocked'-type flag on view controllers. Thus whitelisted screens (lock screen, apple pay, camera, etc) would be available on locked devices, but everything else (home screen included) could be walled off until the device was successfully unlocked.

      Not that I'm surprised; to paraphrase H.L. Mencken, nobody ever went broke underestimating the security of critical software.

      --
      How can I believe you when you tell me what I don't want to hear?
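JoeyRox's and pushing-robot's comments above describe the same design point from two angles: a lock that is consulted once and then forgotten can be escaped by crashing whatever screen is showing it, whereas a lock that is re-checked on every screen transition, on crash recovery and on wake stays in force no matter which view controller dies. The Python model below is an added example written for this thread; it is not Apple's code and not anything from the researcher's write-up. The screen names, the `ALLOWED_WHILE_LOCKED` whitelist (pushing-robot's hypothetical 'AccessibleWhileLocked' idea), the 64-character field limit that stands in for the real crash, and the `Device.activation_locked` flag standing in for the server-backed lock state are all constructed for illustration.

```python
# Added model (not Apple's code): a lock checked only once versus a
# fail-closed lock that is re-evaluated on every transition, crash and wake.
from dataclasses import dataclass


class ScreenCrash(Exception):
    """A screen handler blew up; here triggered by oversized input."""


@dataclass
class Device:
    activation_locked: bool          # hypothetical stand-in for server-backed lock state
    current_screen: str = "boot"


# Constructed whitelist of screens a locked device may legitimately show.
ALLOWED_WHILE_LOCKED = {"activation_lock", "wifi_config", "emergency_call"}
MAX_FIELD_LEN = 64                   # constructed limit for the toy form


def wifi_config_screen(username: str = "", password: str = "") -> str:
    """Toy 'Add Wi-Fi network' screen: crashes on oversized credential
    fields, standing in for whatever the real defect was."""
    if len(username) > MAX_FIELD_LEN or len(password) > MAX_FIELD_LEN:
        raise ScreenCrash("oversized WPA2-Enterprise credential field")
    return "wifi_config"


SCREENS = {
    "wifi_config": wifi_config_screen,
    "home": lambda: "home",
    "activation_lock": lambda: "activation_lock",
    "emergency_call": lambda: "emergency_call",
}


class NaiveUI:
    """Lock state read once at boot; a crash or dismissal falls back to home."""

    def __init__(self, dev: Device):
        self.dev = dev
        dev.current_screen = "activation_lock" if dev.activation_locked else "home"

    def present(self, screen: str, *args) -> str:
        try:
            self.dev.current_screen = SCREENS[screen](*args)
        except ScreenCrash:
            self.dev.current_screen = "home"      # fail open: lock never re-checked
        return self.dev.current_screen

    def wake(self) -> str:
        return self.dev.current_screen            # resumes whatever was showing


class HardenedUI:
    """Every transition, crash recovery and wake consults the lock state."""

    def __init__(self, dev: Device):
        self.dev = dev
        dev.current_screen = self._gate("home")

    def _gate(self, wanted: str) -> str:
        """Return the screen actually permitted given the current lock state."""
        if self.dev.activation_locked and wanted not in ALLOWED_WHILE_LOCKED:
            return "activation_lock"
        return wanted

    def present(self, screen: str, *args) -> str:
        target = self._gate(screen)
        if target != screen:                      # not allowed while locked
            self.dev.current_screen = target
            return target
        try:
            self.dev.current_screen = SCREENS[screen](*args)
        except ScreenCrash:
            self.dev.current_screen = self._gate("home")   # fail closed
        return self.dev.current_screen

    def wake(self) -> str:
        self.dev.current_screen = self._gate(self.dev.current_screen)
        return self.dev.current_screen


def crash_and_wake(ui_cls, locked: bool = True) -> str:
    """Replay the sequence from the article against either UI model: open the
    Wi-Fi screen from the lock screen, feed oversized strings, then sleep/wake.
    Returns the screen the device ends up on."""
    ui = ui_cls(Device(activation_locked=locked))
    ui.present("wifi_config", "A" * 10_000, "B" * 10_000)
    return ui.wake()


if __name__ == "__main__":
    print("naive   :", crash_and_wake(NaiveUI))      # home
    print("hardened:", crash_and_wake(HardenedUI))   # activation_lock
```

The point of `_gate` is that it is the only path to a screen, so it does not matter whether the Wi-Fi form crashed, was dismissed normally, or the device was woken by a smart cover: the decision is recomputed from the lock state every time rather than inherited from whatever happened to be on screen. The whitelist also gives the behaviour pushing-robot asks for, where emergency calling and Wi-Fi configuration remain reachable on a locked device while the home screen does not.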
    6. Re:Lock implementation sounds like a simple flag by cfalcon · · Score: 1

      Should they HAVE to, though?

      Remember, this is for bypassing an "are you the owner of this purged ipad" check. It's not security sensitive- the worst case scenario is that a thief gains access to a fully purged ipad. Your solution would work, but would be a lot of complexity, because as soon as the authenticated user bypasses the lock, the critical stage would have to be undone in some manner- for instance, the critical ciphertext could be replaced with plaintext, creating a potential failure point. Alternatively, the "authenticate" code could be replaced with a stub, penalizing every future bootup forever with it.

      It could be done, but I just don't see that it's all that important. This doesn't get you to user data, it just lets you use an ipad you stole after you reset it. That's undesired, but how about they just fix their shitty array boundary checking instead?

    7. Re:Lock implementation sounds like a simple flag by Anonymous Coward · · Score: 0

      Truly you are the oracle.

    8. Re:Lock implementation sounds like a simple flag by jonwil · · Score: 1

      If Apple can make a locked iPhone running a stock fresh OS install trigger a special lock app like this, they could just as easily make that same bit of "detect lock" code prevent the home screen from working. And the browser. And the app store. And iTunes. And all the other phone functionality.

      Ensure that a locked iPhone can't do anything but display the lock screen no matter how many times you flash it with a new system image.

    9. Re:Lock implementation sounds like a simple flag by JoeyRox · · Score: 1

      You're right, it's not a data security issue since this only affects whether someone can activate a wiped/stolen phone. However it is a physical security issue because the entire reason for implementing this anti-theft mechanism was to stop thieves from stabbing and shooting people for their expensive iPhones/Android devices.

  4. still need to have a call 911 mode by Joe_Dragon · · Score: 1, Interesting

    still need to have a call 911 mode on the lock screen for phones.

    1. Re:still need to have a call 911 mode by Anonymous Coward · · Score: 1

      You mean something other than the "Emergency" at the bottom left of the password entry screen?

  5. Watch the video by Anonymous Coward · · Score: 4, Interesting

    There is no hack. This is a troll and computerworld and slashdot fell for it.

  6. Slash your throat, idiots by Anonymous Coward · · Score: 1

    It's sad that retards at slashdot believed a fake story more than one year old. How's that 'removing fake news' thing going for you amerifags?

    And it doesn't remove any activation locks; just lets you use some applications, and reboot the stolen phone and you are back at the activation lock screen. And if it was possible to access the whole launch screen, still the software would trip at any step of the way. Think you could install a single app?

    To summarize: bravo, slashdot retards. Next thing, UFOs and hidden cities below earth's crust. And next thing: tune your chakras with these energy gems!

    1. Re: Slash your throat, idiots by Anonymous Coward · · Score: 0

      Zero links provided to prove fakeness...

      DANGER DANGER, FANBOY ALERT

    2. Re: Slash your throat, idiots by Anonymous Coward · · Score: 0

      DANGER DANGER, SCIENTIFIC METHOD ALERT

      fixed that for you :)
      It's not me who has to provide proof of "fakeness" of every retarded story creeping over the net. It's the poster who has to provide proof of "trueness".

      Enjoy your twisted view of the world, retard.

    3. Re: Slash your throat, idiots by Zero__Kelvin · · Score: 1

      Actually there is scientific evidence that the Chakra system is a fairly accurate model. I also don't completely rule out life on other planets though I concede it is pretty unlikely they would come here.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    4. Re: Slash your throat, idiots by Anonymous Coward · · Score: 0

      Worked permanently for me on an iPhone 5c. Try not to be so polarizing please, life has a lot of variables.

  7. Re:Th2i5 FP for GNAA by sheramil · · Score: 1

    the problems sanctions, and taken over by BSDI coolect any 5pilled least I won't during this file be a cock-sucking the project FreeBSD had long a relatively All know we want. Documents like a Trouble. It you to join the be a lot slower [samag.com] in the developers the goodwill conducted at MIT the most vibrant for it. I don't Own lube, beverage, contaminated while survey which towels on the floor REPRESENTS THE

    Go home, Doctor Bronner, you are drunk.

  8. that's not really bypassing the lock by YesIAmAScript · · Score: 5, Informative

    The point of the lock is to make the device less valuable for resale. And this, because it doesn't remove the lock, doesn't invalidate that.

    The device simply flashes the main screen for a moment and then goes right back to the activation required screen.

    Kudos to the guy for finding this. But he didn't bypass the system, the device is still unactivated and from what we see here can't even be used for anything. It certainly can't be resold for anything other than parts.

    --
    http://lkml.org/lkml/2005/8/20/95
    1. Re:that's not really bypassing the lock by Anonymous Coward · · Score: 0

      Makes me wonder about those guys who "bum rush" the Apple Stores and steal all the working display models the customers play with. Can't activate them without Apple taking it personal and crawling up their ass.

    2. Re:that's not really bypassing the lock by Anonymous Coward · · Score: 0

      A flash is enough. Is that flash a cached image of the main screen or the actual main screen? Android had (still has?) a similar exploit. If you're quick enough you can slowly trigger inputs and do things 'behind' the lock screen. It's trivial to make a fast enough Lego robot that does it for you. Plus even a flash of the main screen is enough to get an idea of what the user typically uses their phone for.

    3. Re:that's not really bypassing the lock by Anonymous Coward · · Score: 0

      Except that activation lock would show up only after the phone has been reset.

      There would be no personal data on the device at this point.

    4. Re:that's not really bypassing the lock by garote · · Score: 1

      No need to activate them. Just sell them cut-rate to suckers farther down the food chain and move on.

  9. Please... by Anonymous Coward · · Score: 0

    How many clowns that steal iPhones and iPads will be aware of this? Plus now that it's known it'll be fixed in iOS 10.2. Non-story. Try harder next time.

  10. Thank you!!!!! by Anonymous Coward · · Score: 0

    My son changed the password on his iPhone and forgot it. We've been locked out of it for a year and Apple refused to help us. This hack will work to get back up and running!

  11. Don't lose it, in the first place by Anonymous Coward · · Score: 0

    Stop being careless with a $700 piece of electronics. That's the best way for it not to be stolen.

  12. Worked for me by Anonymous Coward · · Score: 0

    Just verified this approach on an old at&t iPhone 5c given to me by a friend.

    1. Entered special chars in both fields until it locked up.
    2. Waited until it fell asleep.
    3. Woke it up
    4. It went straight to home screen.

    I've tried turning it completely off then on again, activation lock is still bypassed.

    Just wanted to throw this out there because some commenters are claiming it's a fake. Definitely worked for me, I was surprised as the video doesn't seem too convincing.

    For those of you railing against how this is fake, perhaps next time you should verify something yourself before spreading misinformation of your own.

  13. Title is clickbait by MikeDataLink · · Score: 1

    This does not disable the lock or make the device resalable. And the term "easy" shouldn't be used in this context.

    --
    Mike @ The Geek Pub. Let's Make Stuff!