For normal consumers, reclaiming an iCloud-locked device is usually pretty straightforward – take your proof of purchase to an Apple Store and they’ll generally unlock it for you. Business entities generally have the same path to reclaiming devices, except that, depending on how the iPads were acquired, getting that proof of purchase may not be possible. If that’s the case, get ready for months of back and forth with Apple. That’s what I had to do.
If you happen to have such an iPad and want another crack at making it useful again, Indian security researcher Hemanth Joseph has published a method on his blog that exposes and exploits a (now patched) security hole in iOS.
The hole can be exploited during the activation process, more specifically, on the network setup screen. There, by choosing a certain arrangement of options, entering a boatload of characters, and utilizing an iPad magnetic Smart Case, one can cause the activation/iCloud lock software to crash back to SpringBoard and voilà – full access. On that note, after testing it firsthand, following Hemanth’s steps does indeed bypass the iCloud lock screen, albeit for a few short seconds, after which the iCloud lock app is automatically restarted, thereby re-locking the iPad.
Per Hemanth’s post, Apple seems to have patched this hole on November 16th (waiting for clarification). But if that’s the case, and the iPad was iCloud locked, no update could be pushed down (normally, anyway). And it would explain my firsthand encounter, in which it doesn’t stay unlocked.
One of the more unique iOS exploits in recent memory, for sure.
Source: Hemanth Joseph