iPad 2 Smart Cover security flaw detailed

Shawn Knight


A security flaw on the iPad 2 allows you to circumvent the passcode and access the last open app on Apple’s tablet. The hack requires iOS 5, an iPad 2 Smart Cover and a certain sequence of events to perform.

To pull off the hack, install the Smart Cover on your locked iPad 2 then open the cover. From here, you will be presented with the passcode screen. Tap Cancel then hold down the power button on the top of the iPad 2 for a few seconds to activate the power down slider. But instead of powering down, close the Smart Cover, wait a second, then open the cover once again. Press Cancel to close the power down slider and you will be put back into the last application that you were running.

If you are put into the Home Screen, you can’t actually access any apps but you can play media. The real risk comes if you were in Messages or Mail, as any sensitive data can be seen by anyone using the hack.

The flaw seemingly only affects iOS 5. I tested the hack on my iPad 2 running iOS 4.3 and was unable to replicate the issue, although once I upgraded to iOS 5, that all changed. 9to5Mac has discovered that you can temporarily fix this issue by disabling Smart Cover unlocking in the iPad 2 settings menu under the General tab.

Apple will likely address this issue as well as a security flaw for Siri in an upcoming software update.


 
To pull off the hack, install the Smart Cover on your locked iPad 2 then open the cover. From here, you will be presented with the passcode screen. Tap Cancel then hold down the power button on the top of the iPad 2 for a few seconds to activate the power down slider. But instead of powering down, close the Smart Cover, wait a second, then open the cover once again. Press Cancel to close the power down slider and you will be put back into the last application that you were running.

Pardon my language, but WHO THE **** goes through all this trouble, just to find a way to "semi-hack" an iPad 2 lock screen? Seriously, people have to do better things with their time...
 
BabyFaceLee said:
So am I right in thinking this 'hack' will apply to any case that turns off the screen when it's shut?

I tend to think so, a piece of cardboard or thick paper would probably work too. I don't remember if those cases have magnets in them or not.
 
Sounds like hacking a pay phone in the 90s, but that was simpler (only on some switches). You place the toll call, deposit the money when asked, talk for 2 1/2 minutes and hang up for about 2 seconds. The operator comes on and you tell her you're done with the call. Then you'd hang up and, jackpot, the money would return. Worked with long distance calls, too. To fix it, AT&T did away with long distance from pay phones then did away with pay phones altogether. Too big and out of control?
 
"Pardon my language, but WHO THE **** goes through all this trouble, just to find a way to "semi-hack" an iPad 2 lock screen? Seriously, people have to do better things with their time..."

Security analysts? Maybe someone stumbled upon it accidentally?
 
tonylukac said:
Sounds like hacking a pay phone in the 90s, but that was simpler (only on some switches). You place the toll call, deposit the money when asked, talk for 2 1/2 minutes and hang up for about 2 seconds. The operator comes on and you tell her you're done with the call. Then you'd hang up and, jackpot, the money would return. Worked with long distance calls, too. To fix it, AT&T did away with long distance from pay phones then did away with pay phones altogether. Too big and out of control?

Yeah, it also reminds me of the Captain Crunch times xD
 
tonylukac said:
Sounds like hacking a pay phone in the 90s, but that was simpler (only on some switches). You place the toll call, deposit the money when asked, talk for 2 1/2 minutes and hang up for about 2 seconds. The operator comes on and you tell her you're done with the call. Then you'd hang up and, jackpot, the money would return. Worked with long distance calls, too. To fix it, AT&T did away with long distance from pay phones then did away with pay phones altogether. Too big and out of control?

My friends just used tone generators.
 
Darth Shiv said:
"Pardon my language, but WHO THE **** goes through all this trouble, just to find a way to "semi-hack" an iPad 2 lock screen? Seriously, people have to do better things with their time..."

Security analysts? Maybe someone stumbled upon it accidentally?

Security analysts? Do you even know what a security analyst does?

And this is clearly a systematic, step by step procedure. You don't go through all of this accidentally.
 
lawfer, it would seem you're missing the point. The point is there is a SECURITY threat.

Now, besides the point, someone may have accidentally stumbled across this breach and then started to try and replicate it. I'm surprised that you don't know (seeing how you dismissed Security Analysts) that in order to "fix" a security problem (this includes all software/firmware), you must first REPLICATE THE PROBLEM. This would mean a step by step process.
 