iPad 2 can be unlocked without password

Kadongy

"It's not a bug; it's a feature"

http://www.theinquirer.net/inquirer/news/2119267/inquirer-demos-ipad-security-flaw

Anyone with a Smart Cover can break into a "password-protected" Ipad 2, as we show in our video. The person who unlocks the device has access to anything that was on the screen before it was locked, including email, messages, and settings.
To recreate the problem, we locked the password protected device, held down the power button until it reached the turn off slider, closed Smart Cover, opened Smart Cover and clicked cancel on the bottom of the screen.
However we found that the problem was inconsistent, and did not crop up every single time we tried to recreate it.
This issue is not just confined to IOS 5, since IOS 4.3 also exhibits the vulnerability.

Video in link shows how easy this is.

whiterebel

Seriously, how many millions times a day do they think that sequence is going to happen?

Kadongy

whiterebel wrote: »

Seriously, how many millions times a day do they think that sequence is going to happen?

They're not saying it's going to happen incidentally - they're saying that someone could deliberately access your tablet without permission or a password.

whiterebel

Kadongy wrote: »

They're not saying it's going to happen incidentally - they're saying that someone could deliberately access your tablet without permission or a password.

So the owner will have to go through those exact steps before anyone could access it? Again, how many times are people going to go through that sequence, and then leave it where someone can try pressing the cancel. Anytime I do a reset on mine, I wait and log it back in properly.

Kadongy

whiterebel wrote: »

So the owner will have to go through those exact steps before anyone could access it? Again, how many times are people going to go through that sequence, and then leave it where someone can try pressing the cancel. Anytime I do a reset on mine, I wait and log it back in properly.

Well my understanding is that someone could bypass the password on any locked iPad by following these steps. That's a major flaw.
If you personally dont use your iPad in a way to expose yourself to this flaw - well that doesn't change the fact it's still a major flaw. It also raises questions about the security of the device in general.

Seperate

I don't leave mine anywhere that someone I wouldn't want seeing my information can do that.

whiterebel

Kadongy wrote: »

Well my understanding is that someone could bypass the password on any locked iPad by following these steps. That's a major flaw.
If you personally dont use your iPad in a way to expose yourself to this flaw - well that doesn't change the fact it's still a major flaw. It also raises questions about the security of the device in general.

Did you actually look at what you have to do first? The person who owns it actually has to do these exact steps first - a bit like having to leave a key in a door for the burglar to turn it?

Kadongy

whiterebel wrote: »

Did you actually look at what you have to do first? The person who owns it actually has to do these exact steps first - a bit like having to leave a key in a door for the burglar to turn it?

If the owner only has to lock it for it to vulnerable. An informed intruder would be able to carry out the other steps themselves.

whiterebel

Kadongy wrote: »

If the owner only has to lock it for it to vulnerable. An informed intruder would be able to carry out the other steps themselves.

One of us isn't getting this, and I've a feeling it isn't me
The owner has to leave an app such as mail open.
Then Press the Home and power buttons together, as if they were resetting.
Then close the smart cover, without hitting the "slide to power off" button.

The thief (or whoever) THEN has to press the cancel, to get into the open app - i.e. mail. after opening the smart cover.

Don't get me wrong, its a issue, I just can't see it being a major one.

brianhickey

whiterebel wrote: »

One of us isn't getting this, and I've a feeling it isn't me
The owner has to leave an app such as mail open.
Then Press the Home and power buttons together, as if they were resetting.
Then close the smart cover, without hitting the "slide to power off" button.

The thief (or whoever) THEN has to press the cancel, to get into the open app - i.e. mail. after opening the smart cover.

Don't get me wrong, its a issue, I just can't see it being a major one.

No, it's a bit simpler than that. I just picked up my locked iPad, held down the power button until slide-to-power-off comes up, closed the smart cover, and opened it again and pressed cancel. The "thief" can do all of the steps from after the device is locked. It brings you straight to whatever was on the screen when the device was locked. You can't get out of that app and if it's on the home screen you can't launch any apps. Not the end of the world but I hope they fix it.

Kadongy

whiterebel wrote: »

One of us isn't getting this, and I've a feeling it isn't me
The owner has to leave an app such as mail open.
Then Press the Home and power buttons together, as if they were resetting.
Then close the smart cover, without hitting the "slide to power off" button.

The thief (or whoever) THEN has to press the cancel, to get into the open app - i.e. mail. after opening the smart cover.

Don't get me wrong, its a issue, I just can't see it being a major one.

Well you make it sound complicated and unfeasible, but to me it sounds like all they have to do is lock the iPad without turning it off. My impression was that they didn't even need to leave an app open, though if they did leave one open that would be the only thing accessible to an intruder. Even if they do in fact need to leave an app open, locking the iPad with mail open seems like a very realistic possibility.

I've never used an iPad so maybe I'm missing something but it certainly sounds like a serious issue to me.

vinnycoyne

A couple of things:

1. You can't really do anything with this, except for if an app is left open before locking the iPad. It's not possible to launch apps from the home screen.

2. I'm pretty sure that you can switch off the smart-cover unlock feature in settings.

whiterebel

Kadongy wrote: »

Well you make it sound complicated and unfeasible, but to me it sounds like all they have to do is lock the iPad without turning it off. My impression was that they didn't even need to leave an app open, though if they did leave one open that would be the only thing accessible to an intruder. Even if they do in fact need to leave an app open, locking the iPad with mail open seems like a very realistic possibility.

I've never used an iPad so maybe I'm missing something but it certainly sounds like a serious issue to me.

I was repeating what they said on the video, which you linked to. Apparently its even easier than they say according to Brian Hickey in the post above yours. Must try it on mine.