
Kerala-Based Security Researcher Hemanth Joseph Bypasses Apple’s iPad Activation Lock: Report

Joseph is currently working as an information security researcher at the firm Slash Secure and also serving as a commander at Kerala Police Cyberdome

Apple iPad, Source: Apple.com

New York, Dec 2, 2016: Hemanth Joseph, a Kerala-based security researcher, has identified a bug in version 10.1 of Apple’s iOS operating system that allowed him to bypass the activation lock on an iPad.

The activation lock on Apple’s iPhone or iPad makes it hard for anyone other than the owner of the device to hack it and set it up as a new device.

Mr Joseph bypassed the activation lock on a locked iPad by discovering a weakness in the device setup process in iOS 10.1, Forbes reported on Friday.


Hemanth Joseph, a Kerala-based security researcher and now a commander at Kerala Police Cyberdome, Source: Facebook

When Mr Joseph was asked to select a Wi-Fi network, he chose ‘other network’ and selected WPA2-enterprise as the type of network to connect to, which gave him three input fields to fill: name, username and password.

Upon testing, he found that there was no character limit on those fields, and he typed thousands of characters, more than iOS can handle, expecting that it would cause the software to crash.

This caused the iPad to freeze, and he then locked it by closing Apple’s magnetic Smart Cover over the screen. After he opened the cover, the device was at the same screen, but after a few seconds it crashed to the iOS home screen.


This allowed Mr Joseph to bypass the activation lock and gain full access to the iPad.

The bug discovered by Mr Joseph was reportedly fixed in an iOS update last month.

According to Mr Joseph’s website, he is currently working as an information security researcher at the firm Slash Secure and also serving as a commander at Kerala Police Cyberdome.


He is the founder of India’s first open security community for students called 0SecCon.

Joseph has been listed in Google’s Hall of Fame and received a bounty of $7500 for reporting a critical vulnerability in Google Cloud Platform.

Earlier, researchers at US-based Vulnerability Lab discovered the iOS 10.1.1 bug. Like Joseph, the team began by overloading the Wi-Fi setup fields and employed a smart cover. Just as in Mr Joseph’s iPad scenario, the home screen appeared for an instant and then was gone. (IANS)

Copyright 2016 NewsGram


Aadhaar Helpline Mystery: French Security Expert Tweets of doing a Full Disclosure Tomorrow about Code of the Google SetUP Wizard App


Google’s admission that it had in 2014 inadvertently coded the 112 distress number and the UIDAI helpline number into its setup wizard for Android devices triggered another controversy on Saturday as India’s telecom regulator had only recommended the use of 112 as an emergency number in April 2015.

After a large section of smartphone users in India saw a toll-free helpline number of UIDAI saved in their phone-books by default, Google issued a statement, saying its “internal review revealed that in 2014, the then UIDAI helpline number and the 112 distress helpline number were inadvertently coded into the SetUp wizard of the Android release given to OEMs for use in India and has remained there since”.

Aadhaar Helpline Number Mystery: French security expert tweets of doing a full disclosure tomorrow about Code of the Google SetUP Wizard App, Image: Wikimedia Commons.

However, the Telecom Regulatory Authority of India (TRAI) recommended only in April 2015 that the number 112 be adopted as the single emergency number for the country.

According to Google, “since the numbers get listed on a user’s contact list, these get transferred accordingly to the contacts on any new device”.

Google was yet to comment on the new development.

Meanwhile, a French security expert who goes by the name of Elliot Alderson and has been at the core of the entire Aadhaar controversy tweeted on Saturday: “I just found something interesting. I will probably do full disclosure tomorrow”.

“I’m digging into the code of the @Google SetupWizard app and I found that”.

“As far as I can see this object is not used in the current code, so there is no implications. This is just a poor coding practice in term of security,” he further tweeted.

On Friday, both the Unique Identification Authority of India (UIDAI) and the telecom operators washed their hands of the issue.

While the telecom industry denied any role in the strange incident, the UIDAI said that some vested interests were trying to create “unwarranted confusion” in the public and clarified that it had not asked any manufacturer or telecom service provider to provide any such facility.

Twitter was abuzz with the new development after a huge uproar due to Telecom Regulatory Authority of India (TRAI) Chairman R.S. Sharma’s open Aadhaar challenge to critics and hackers.

Ethical hackers exposed at least 14 personal details of the TRAI Chairman, including mobile numbers, home address, date of birth, PAN number and voter ID among others. (IANS)
