While Apple products owners are going around the world telling everyone that their products are safest of them all, this particular Kerala-based researcher decided to silence them all with his one action.
Hemanth Joseph is currently in the news for successfully bypassing Apple's iPad activation lock. He achieved this admirable feet by identifying a bug running in Apple's iOS 10.1 version OS.
For people who don't know a lot about Apple, hacking activation lock in Apple products and setting it up as a new device for anyone other than the owner is an extremely difficult task to achieve.
According to a Forbes report, Joseph was able to bypass a locked iPad's activation lock by coming across a weakness in the device setup process whilst running Apple iOS 10.1.
Upon being asked to select a Wi-Fi network during the setup, he decided to go with 'other network' and then ended up selecting WPA2-enterprise as the type of network to connect with. This ended up giving him 3 fields to fill -- name, username, and password.
While continuing this setup process, Jospeh came across the fact that Apple had no character restrictions set in these fields. He ended up typing thousands of characters than Apple's iOS can handle, and expected that this would result in a software crash.
The result was that the iPad frozs. Jospeh then decided to lock it by closing Apple's magnetic Smart Cover over the screen. When the cover was opened, the iPad was discovered to be at same screen, but just after a few second, it ended up crashing to its iOS home screen.
This finally gave Jospeh a chance to bypass the activation lock and have full access of the iPad.
Reportedly, the bug found by Jospeh has already been fixed last month in an iOS update.
Kerala-based Hemanth Joseph is currently working at Slash Secure firm as a information security researcher. In addition to this, he is also a commander at the Kerala Police Cyberdome, and the founder of 0SecCon, India's very first open security community for students.
Earlier in his life, he has had a similar experience with Google when he reported a critical vulnerability in the tech giant's Google Cloud Platform. In addition to receiving an award of $7500, he was also listed in Google's Hall of fame.
A little while back, researchers at a United-based Vulnerability Lab had been successful in finding the iOS 10.1.1 bug. As Joseph did, the team of researchers also started by overloading the Wi-Fi setup fields and making use of smart cover. As it had happened with Joseph's iPad, the product's home screen appeared for a few seconds, before it's gone.
So, this means, Apple products aren't that safe after all.
No comments
Post a Comment