Hemanth Joseph, the young mastermind who works out of Kerala, exploited a weakness in the iOS device setup process and proved that the iPhone Activation Lock has a flaw in it. He explains it in detail in a blog post.

The Activation Lock is a new feature in iOS 7 that allows you to remotely wipe all the data on your iPhone, iPad, or iPod touch in case it gets lost or stolen. Hemanth explains in his post that if you enable this feature, a thief who turns on your iPad/iPhone will be prompted to connect to an Apple server over WiFi to check whether the Activation Lock is on. If the lock is enabled, the attacker will then be prompted to enter the username and password of the iCloud account linked to that iPad/iPhone. These details are required to unlock the device, which protects all the data by making the iPad useless without them.

Hemanth discovered a bug that could allow someone to bypass Apple's Activation Lock in its iOS 10.1 version. He then tested it on a locked iPad he purchased online. When asked to choose a WiFi network, he simply chose 'other network' and then filled in its name and a WPA2-enterprise key with thousands of characters. His thought was that enough data in those fields would cause the device to freeze, and he was right, Forbes reported. After figuring out how to freeze the iPad, he began to work on a way to make the setup process fail and take him to the home screen. A thief who had figured this out could access all your personal data, documents and saved passwords, and could also sell your iPad, as it would work fine.

Pressing the sleep/wake button merely restarted the wizard, but with a little help from the magnetic catch in Apple's Smart Cover and some practice to perfect the timing, Joseph succeeded. He demonstrated the bypass in a video uploaded to Google Drive, the report said.

The bug discovered by Joseph was reportedly fixed in an iOS update last month. Apple is very particular about its devices and security measures: if it suspects your account has been hacked, it will suspend it. However, Hemanth’s exposure of the flaw shows how technology is constantly evolving and widening the world of cyber security.