WingNews logo WingNews GitHub [2]
top | item 3137770

Anyone with a smart cover can break into your iPad2

102 points| kenjackson | 14 years ago |9to5mac.com | reply

44 comments

order
[+] scott_s|14 years ago|reply
This is getting silly. Lock screens are the security equivalent of having a screen door. They exist to keep the mildly annoying things out, but they're not designed to prevent the real baddies.

Breaking with metaphor, I don't consider it much of a security flaw if step one is the other person has to have physical access to the device.

[+] VMG|14 years ago|reply
I think there is still a difference between circumventing security, circumventing security without any tools and circumventing without leaving traces.

I can't see why you can't make an iPad everything-but-screwdriver-proof.

[+] antimora|14 years ago|reply
I just tried on my iPad2 and the hack works.
[+] icarus_drowning|14 years ago|reply
Isn't it trivial to "fix" this by just disabling smart-cover unlocking? Isn't that exactly why this is a user-enabled feature of the smart cover?

It isn't that I oppose viewing this as a "bug" (obviously the user is led to believe that a password in and of itself would prevent this), but I would think that anyone security-conscious enough to have a password should be disabling smart cover unlocking anyway...

[+] saurik|14 years ago|reply
I largely agree. That said, it is a weird default, as if you've never owned a smart cover, it might not occur to you that there is a setting relating to it you don't want that is defaulted to on. I mean, it seems fair to me that someone who is "security-conscious" shouldn't be forced to examine every single option on the device looking for a painfully insecure default.

This is typical of Apple, though: it is also fun to carry around an Apple Remote if you know people with MacBooks. You walk up behind them, hit the menu button, and yell "FRONT ROW!", at which point their computer (default setting: accept any random remote) will /slowly/ fade to black, and then /slowly/ fade into a TV-like UI the user has probably never seen before.

[+] kalleboo|14 years ago|reply
Did you watch the video? This is definitely a bug, seeing as it only happens when you have the shutdown panel open. When you don't have the shutdown panel open, it shows the password prompt as expected. There's no reason that smart cover unlocking and a password prompt can't co-exist.
[+] xuki|14 years ago|reply
This is clearly a bug, if you don't hold the power button until the slider appears, you need to enter a passcode.
[+] Groxx|14 years ago|reply
Oh snap, that's bad. Given dbtc's comment, can anyone clarify if this is 4-#-bypassing or password-bypassing? Horrible either way, but wow.
[+] X-Istence|14 years ago|reply
The attacker has physical access to your device ... you have bigger problems to worry about.

That being said, just disable the unlock with smart cover and problem solved.

[+] dbtc|14 years ago|reply
I couldn't get it to work on an iPad 2 that was locked with a character password (the qwerty keyboard pops up).
[+] xuki|14 years ago|reply
Worked on my iPad 2 wifi with character password.
[+] dvdhsu|14 years ago|reply
Because the defaults allow no passcode, somebody could carry a SmartCover with them, and break in to any iPad they "borrow" for a few minutes.
[+] mikemoka|14 years ago|reply
So let me straight, being the first one a setting it wasn't a vulnerability, instead this one is. I can't see the logic behind their reasoning, in my opinion they are both superficial security policies (ie. badly set defaults)
[+] Curbob|14 years ago|reply
How many people start the shut down process and then close their cover? Kind of a lame hack
[+] pyre|14 years ago|reply
What's to stop an attacker from opening the smart cover, starting the shutdown process, closing the smart cover, and then opening it again?