Apple blog 9to5 Mac, citing a German site, reported a security flaw that allows anyone with one of Apple’s Smart Covers to gain access to the device — giving them free rein on emails, messages, browser history, contacts and any application with stored login information (Facebook, mobile bank account apps, Twitter, etc.).
[aditude-amp id="flyingcarpet" targeting='{"env":"staging","page_type":"article","post_id":343769,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"business,mobile,security,","session":"D"}']The flaw can be exploited on a locked iPad 2 by holding down the power button, which will eventually prompt you to slide a horizontal scroll button to turn off the device. With the “power off” screen still up, close the smart cover. When you lift up the cover again the “power off” screen is still present, but clicking cancel brings you to the home screen — thus bypassing the need to enter in the correct passcode.
The trigger seems to be when the iPad is put to sleep (locked), which cannot be done by clicking the power button again. However, the iPad 2 can get around this because it uses magnet sensors from the Smart Cover to lock the device when the cover is on and unlock it when taken off. Since the first generation iPad isn’t compatible with Smart Covers, it doesn’t suffer from the flaw.
AI Weekly
The must-read newsletter for AI and Big Data industry written by Khari Johnson, Kyle Wiggers, and Seth Colaner.
Included with VentureBeat Insider and VentureBeat VIP memberships.
Some iPad owners are reporting that the security exploit isn’t limited to iOS 5, and will also work on version 4.3 of the operating system. I can’t confirm if this is the true because I don’t have an iPad running 4.3, nor do I have the desire to roll back the operating system to an earlier version. Although, anyone who is running 4.3 on their iPad is more than welcome to test the exploit and let us know if it works. (Just drop us a comment below, or email us at tips@venturebeat.com.)
Presumably, Apple will issue a fix in the next iOS update, which is due out any day now. In the meantime, if you’re worried about your iPad 2 geting compromised before the update is released, there is a temporary solution. As 9to5 Mac points out, iPad owners can disable the Smart Cover locking/unlocking function found in the Settings app under the “General” tab.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More