A method to bypass Apple's iCloud Activation Lock, which was discovered in November is still working on the latest iOS 10.1.1 firmware. Researchers from Vulnerability Labs were able to recreate the hack and discovered a similar bug to bypass iOS 10.1.1 iCloud Activation lock on iPhone and iPad.
Apple iCloud Activation Lock
The iCloud Activation Lock is a security measure used by Apple to stop thieves or others from gaining access to lost or stolen iPhone, iPad or iPod Touch. Only the original owner will be able to unlock the device after entering the Apple ID and Password.
This feature is automatically switched on when Find My iPhone is enabled. There is no way to get through this activation lock as it appears even after performing a factory reset or fresh firmware install. To unlock the device, the user would have to enter the Apple ID and Password used on the device. The credentials are stored on Apple's servers for cross-checking.
Bypass iCloud Activation Lock
In November, a researcher was able to bypass the lock by crashing the security layer altogether, according to Apple Insider. By using a very long password and name in the Wi-Fi setup option on an iCloud locked device, the researcher was able to break the security and gain access to the Homescreen.
The researcher managed to do this on an iPad running iOS 10.1 purchased off of eBay. To deactivate the lock, Apple requires the device to be connected to a Wi-Fi network. This is where the flaw was discovered. However, Apple fixed this bug with the release of iOS 10.1.1, or so it was believed.
Recently, the researchers at Vulnerability Labs were able to bypass iOS 10.1.1 iCloud Activation lock by enabling Night Mode and using the iPad in Landscape mode, as per PhoneArena. They posted a video on YouTube showing the concept in action. It is not clear if Apple knows about this bug and if they have a fix for it. iOS 10.2 is just around the corner and it is possible that Apple may have closed the loophole.