Kerala youth cracks ‘secure’ Apple lock
Hemanth Joseph, an engineering student, has found out a route to bypass Apple’s highly secure activation lock, which allows the owner to prevent others from using the iPhone, iPad, iPod Touch or Apple Watch once it is stolen or lost.
‘I found out a way to bypass the lock screen when somebody tries to open any of devices, locked by the owner using ‘Find iPhone’ app,’ said Joseph, a final-year mechanical engineering student at Amal Jyothi College of Engineering, Kanjirappally.
What Joseph used was the security lapse in the input fields for name, username and password. ‘There was no character limit in those input fields. No one will set a Wi-Fi name with a 10,000-letter name or a password with 10,000 letters so a character limit is important for fixing this bug,’ Joseph wrote in his blog, after his friends prompted him to reveal how he did it.
It all started with Joseph buying a used iPad from eBay for his friend and finding out that it was locked by the previous owner. While playing around with the ‘bricked’ tablet, he found out that it doesn’t have a character limit for input fields for the verification before connecting to the ‘another Wi-Fi network’ option. ‘We can enter as many characters as we like to that field. Perfect for creating an OverFlow,’ he wrote in his blog.
Joseph, who calls himself a ‘security researcher’, ventured into the world of ‘bug hunting’ at a relatively young age - while studying for plus two. Few months ago, he won US$ 7,500 (Rs 5 lakh) from Google for pointing out a bug in its Cloud platform. Similar feats won him acknowledgements from more than 45 companies, which include AT&T, Pebble, Twitter and Microsoft. This time, Apple has written to him saying they are investigating the issue.
Source: The Times of India