Student from Kerala finds a backdoor in Apple’s secure lock feature

Hemanth Joseph, an engineering student, has found out a route to bypass Apple’s highly secure activation lock, which allows the owner to prevent others from using the iPhone, iPad, iPod Touch or Apple Watch once it is stolen or lost.

“I found out a way to bypass the lock screen when somebody tries to open any of devices, locked by the owner using ‘Find iPhone’ app,” said Joseph, a final-year mechanical engineering student at Amal Jyothi College of Engineering, Kanjirappally.

What Joseph used was the security lapse in the input fields for name, username and password. “There was no character limit in those input fields. No one will set a Wi-Fi name with a 10,000-letter name or a password with 10,000 letters so a character limit is important for fixing this bug,” Joseph wrote in his blog, after his friends prompted him to reveal how he did it.
Joseph, who calls himself a ‘security researcher’, ventured into the world of ‘bug hunting’ at a relatively young age – while studying for plus two. Few months ago, he won US$ 7,500 (Rs 5 lakh) from Google for pointing out a bug in its Cloud platform. Similar feats won him acknowledgements from more than 45 companies, which include AT&T, Pebble, Twitter and Microsoft. This time, Apple has written to him saying they are investigating the issue.