A way to break through the iOS 10.1.1 activation lock with a buffer overflow attack has been found



"Activation Lock" is an iOS feature that prevents a lost device from being used by someone else, but researchers have published a video in which they break through the activation lock of an iPad running iOS v10.1.1, the latest version at the time of writing, using a technique called a buffer overflow attack.

Apple iOS v 10.1.1 - Access Permission via Buffer Overflow
https://www.vulnerability-lab.com/get_content.php?id=2018

The following video shows the activation lock actually being bypassed through the vulnerability in iOS 10.1.1.

Apple iOS v10.1.1 - iCloud & Device Lock Activation Bypass via local Buffer Overflow Vulnerability - YouTube


First, hold the iPad with Activation Lock enabled in landscape orientation and turn it on.


When the Wi-Fi network selection screen appears, tap "Select another network" at the bottom.


A manual entry field appears; enter arbitrary text and emoji as the Wi-Fi network name.


Once a fair amount has been entered, select all and copy it, which makes it possible to paste a long string of characters over and over.


After pasting for a while, tap "Security".


Any of "WEP", "WPA" or "WPA2" works here.


Tap "return"...


When the password entry field appears, paste the long string of characters repeatedly, as before.


When the string gets too long, the iPad becomes sluggish, so turn the device to portrait orientation...


...and close the Smart Cover.


When the Smart Cover is opened the screen is still dark, but with the iPad held in landscape, resume pasting the text.


When it freezes again, turn the device to portrait and close the Smart Cover.


When the Smart Cover is opened, the screen does not rotate and remains frozen.


Hold the device in landscape and press and hold the Home button...


The home screen appears for a moment, and after that the device can be used with the activation lock released.


IT news site Ars Technica reports that when it reproduced this procedure, it succeeded in releasing the activation lock on an iPad mini 2. Ars Technica also points out that this is a vulnerability specific to the iPad, since it could not be reproduced on the iPhone, whose setup screen does not rotate.

in Mobile, Software, Video, Posted by darkhorse_log