Smart Cover Unlock Bug May Lead To iPad 2 Data Exposure

Apple Category

Smart Cover unlock bug may lead to iPad 2 data exposure

The folks at 9to5 Mac have noticed that Apple’s iPad 2 Smart Cover lets you bypass a passcode lock on a device running iOS 5, albeit with limited access to the iPad’s applications. Here’s how the bug/exploit works.

First, make sure your passcode lock is set to activate immediately when you lock your iPad (this will simplify testing, although the problem is still there if there’s a lock delay). Press and hold the iPad 2’s power button to elicit the “Slide to Power Off” slider — but don’t slide the control to actually turn it off.

Next, close the Smart Cover over the iPad’s display to put the device to sleep. Finally, open the Smart Cover and click Cancel on the power off screen. From there, the iPad will present whatever was last running before you locked it.

Here’s where it gets interesting. Whatever you had on screen before locking your iPad is all you’ll have access to. If you were on the Home screen, you won’t be able to launch any apps, although you could delete one. If you had an app loaded when you locked your iPad, that’s the only app you’ll be able to run; backing out of the app using the Home button kicks you to the lock screen immediately.

Although the steps to reproduce this behavior specifically single out Apple’s Smart Cover, I was able to reproduce this by simply passing a refrigerator magnet along the right edge of my iPad 2 — so those of you without Smart Covers are still “at risk,” though as you’ll see the risk is relatively small.

The implications of this bug really depend on what app you left running when you closed the cover on your iPad. I tested Settings, Mail, and Safari using this hack, and I had basically unlimited access to all three apps. I was able to send an email to a colleague using Mail, and I was able to post to Twitter in Safari — all without having to input my passcode first.

That having been said, and acknowledging that this is an iOS 5 bug that needs to be fixed: the opportunities for malice or mischief are pretty slim, and only the truly paranoid should be overworried about this. First of all, I don’t know about you, but I never leave my iPad unattended in a public place anyway. I’d be less worried about someone forwarding porn links to my entire Contacts list or looking at my banking info (as if I’d ever leave that up anyway) and more worried about someone walking away with my iPad. Of course, if you have Find my iPad set up on your iCloud account (or an ActiveSync account for your business email), you can remotely wipe your data in a matter of a few clicks

Second, this exploit is pretty easily defeated by one of two means: either back your iPad out to the Home screen before you lock it (I almost always do this anyway) or, as 9to5 Mac notes, disable the setting that allows your Smart Cover to unlock the iPad. I suppose the biggest worry is what happens if someone does indeed steal your iPad, but given that they’ll have relatively limited utility in the things they’ll be able to do with it, it’s still not likely to be as big of a worry to you as the fact that your device just got ripped off.

The steps to reproduce this bug are fairly obscure, although now that it’s being publicized more people may try it (not necessarily including iPad thieves, who most likely don’t care about continuing your game of Fruit Ninja). It’s also something that Apple’s going to have to fix in the next minor update to iOS 5. I don’t even have a passcode lock active on my iPad in the first place, so this particular issue doesn’t have me shaking in my shoes one bit. Meanwhile, although it’s certainly an interesting bug and one with some security implications, iPad 2 users who don’t have mischievous little brothers are probably safe for now.

Tags:

Haridas Gowra Avatar

Help Us Grow

If you like this post, please share it with your friends.

You are free to copy and redistribute this article in any medium or format, as long as you keep the links in the article or provide a link back to this page.

Subscribe to Newsletter




Privacy Settings

Privacy & Cookie Overview

Our website uses cookies to provide you with the best user experience possible. These cookies are stored in your browser and perform essential functions such as recognizing you when you return to our website, as well as helping us to understand which sections of the website you find most useful and engaging.

To learn more, you can read our Privacy & Cookie Policy or reach out through our Contact form.

Strictly Necessary Cookies

Strictly Necessary Cookies must always be enabled to ensure the proper functioning of this website and to allow us to provide you with excellent service. These cookies are also essential for saving your cookie preferences.

Google Adsense

We use Google AdSense to keep this site free by displaying relevant ads. AdSense requires essential cookies that cannot be disabled, but you can manage other cookies. We respect your privacy and provide options to control non-essential cookies.

For more details on how Google handles your data, visit Google's Data Usage Policy. Please review our Privacy Policy for more information on how we protect your data.

AddToAny

We use AddToAny for social sharing. It doesn’t store cookies, ensuring a privacy-friendly experience. AddToAny complies with GDPR and CCPA by default.

For more, see their Privacy Policy.

OneSignal

We use OneSignal to send notifications to users who opt in. OneSignal complies with GDPR and is certified under the EU-US and Swiss-US Privacy Shield frameworks.

For more, see their Privacy Policy.

3rd Party Cookies

This website utilizes third-party cookies, which can enhance your experience and support our ongoing efforts to improve our services.

Google Analytics

We use Google Analytics to collect anonymous data, such as visitor numbers and popular pages, to improve user experience and site performance. Keeping this cookie enabled helps us refine the site based on visitor activity.

For more information, see Google’s Privacy Policy.

Discover more from Prime Inspiration

Subscribe now to keep reading and get access to the full archive.

Continue reading