Security Audit

Our Web Application Pentest ( WAP) attempts to address the Owasp top 10 & SANS top 20 web application vulnerabilities and other exploitable loopholes of your web application . Along with it our WAP team also test web applications for Business logic flaws that can directly or indirectly effect the functioning of application.

Trainings

We are here to help you solve your biggest query- where and how to start? CDI has brought various courses in Ethical Hacking in Chandigarh where all you technology lovers will be given the much needed push to move forward and create a niche for yourself in the field. From Beginner to Expert level we have many kinds of training patterns.

Call Us : +91-771045-0011 | +91-771045-0022

This is How to Bypass “iCloud Activation Lock” on iPhone and iPad

 

 

Apple is using iCloud activation lock feature to protect data of that user, who lost their devices. A security flaw has been discovered by a security researcher, which is allowing to bypass this iCloud activation lock. By exploiting this flaw, anyone can get access to the home screen of locked iPhones and iPads. But it is possible for that locked devices, which are running the latest version of iOS. A Proof-of-Concept video has been published by the researcher. Both versions of iOS (10.1 and iOS 10.1.1) have this security flaw.

 

iCloud Activation Lock Feature

All the apple users are familiar with “Find My iPhone” feature of iPhones and iPads. An apple user can activate ‘Lost Mode” from this feature if his device has been stolen or lost. When the user activates lost mode, iCloud Activation lock feature enables automatically. The thief or someone who got the lost apple device, will not be able to use that device without the permission of its owner. The access to “Apple id” is a must to reuse that locked device.

 

What is the Flaw?

The user can still connect a locked apple device to a Wi-Fi network. If he will choose “other network” he has to put network SSID and its security key. In this case, he also has to choose a security protocol from WPA2 and WEP. Apple is not using any type of limitation for these input fields. The user can input unlimited characters in these input fields. An attacker can trigger a crash by entering long strings into these input fields. This crash can expose home screen of the device. This flaw has been exploited by two different security researchers on iOS 10.1 and iOS 10.1.1.

 

Here is the Proof-of-Concept Video: https://goo.gl/a2z25k

 

iOS 10.1 

In iOS 10.1, this security flaw was exploited by an Indian security researcher “Hemant Joseph”. He bought a locked iPhone to analyze iCloud activation lock feature. He successfully exploited this security flaw by entering long strings. He successfully triggered a crash and got the access to the home screen by closing and opening the smart case.

 

iOS 10.1.1

A Security Researcher at Vulnerability Lab, also performed the same attack on 10.1.1 running devices. Initially, it was not working but then he performed the same action after turning on “Night Shift Mode” and “Screen Rotation Feature.” He successfully triggered a crash got access to the home screen. According to Kunz-Mejri (Founder of Vulnerability Lab), the home screen appears for seconds but by pressing the power button quickly, access can be maintained.

 

Other Hot Hacking News: 

Beware iPhone Users, This Freezing Video Can Completely CRASH Your iPhone

Confidential Terrorist Data of Europol Exposed Online By One of Its Employees

Biggest Irish Telecommunication Company Eir Hit By DDoS Attack

Leave a Reply

Name
Email id
Contact No
Comment

See more of Cyber Intelligence by logging in.
Connect with cyber security experts,Discover job opportunities,Online Training, Information Security Advisory and lot more.