Two weeks ago, we spoke of a serious flaw in iOS that, given some conditions, allowed access to any device blocked with a password or Touch ID (and apparently still does, since the breach has not yet been fixed in iOS 10.2 betas. ). Today, we bring you another bug that allows improper access to a iGadget, but this time in another situation: when the device is in Activation Block iCloud.
It is explained: when the user has his / her device lost or stolen and uses the Find iPhone / iPad feature, the Activation Lock is automatically activated and requires authentication using the Apple ID and password of the account linked to the device. Without it the device does not work, which would potentially inhibit the action of malicious people wanting to sell stolen iPhones or iPads (in theory, at least).
The gap we are referring to here, however, allows anyone to access even for a brief period of time one iGadget blocked by iCloud, and in a way that in equal proportions is simple and weird: it is necessary to enter the Wi-Fi settings, select "another network", choose the WPA2 security mode and enter an absurd amount of emojis in the name and password fields.
Then, the device starts to choke and, with the help of the outside button and the rotation sensor, eventually the Start screen (Home) on your device appears on the screen. In the video below, this magical (and improper) appearance lasts only a few milliseconds, but according to the researchers, it can be prolonged by pressing the outside button very quickly.
The flaw was originally discovered by security researcher Hemanth Joseph and (badly) fixed by Apple on iOS 10.1.1; after that, however, the research firm Vulnerability Labs managed to gain access to a locked iPad in this same version of the system the only difference is that this time the fault was only reproduced with the help of the rotation sensor, which was not previously necessary.
Apple has yet to comment on the matter and it is still uncertain whether the problem will be corrected in iOS 10.2, which today reached its fifth test compilation. Therefore, in the near future, we will make an extra effort so that our iPhones and iPads will not be stolen by the gap that has a friend of the others because of the gap