The Apple Activation Lock screen is there to prevent someone from stealing your Apple device and then activating it to sell or use themselves. Security researchers have now found a bug that allows them to bypass that Activation Lock screen and activate stolen or lost tablets and iPhones. The bug was first documented by security researcher Hemanth Joseph in November.
The researcher says that he bought an iPad on eBay and it was apparently locked. He found a method of bypassing the screen by entering an excessively long string of characters in the Wi-Fi setup fields. The only thing a user can do when the Activation Lock is active is enter codes for nearby Wi-Fi networks. Joseph created an overflow error in the Activation Lock layer by choosing “Other Network” and entering a long string of text in the “Name” and “Password” fields. Neither of those fields has a character limit.
The overflow error he created causes iOS to freeze. He then crashed the security layer app by closing and opening the iPad smart cover, which gave access to the home screen. That bug was fixed with a patch in October. Now, other researchers have been able to bypass the Activation Lock using iOS screen rotation and Night Shift mode.
A proof-of-concept video shows this bypass giving access to the home screen for a moment. That access window can be extended by pressing the power button. Apple is reportedly aware of this issue, but the hack is out there and unpatched for now. The fix will reportedly come with iOS 10.2, but the release date for that is unknown at this time.
SOURCE: Apple Insider