iPad 2: magnet bypasses passcode lock
Apple's Smart Cover or another magnetic object can be used to bypass the passcode lock on an iPad 2 running iOS 5. When the password prompt appears, a user can press and hold the standby key until the red "slide to power off" option appears, close the Smart Cover, open it again and hit "cancel" – users are then taken either to the home screen or the previously used application without any further prompts.
While apps cannot be launched in this mode, they can be moved around or deleted from an iPad. Recently used applications can also be viewed by double clicking the Home button. The Notification Centre, however, remains inaccessible, but the iOS Spotlight search function can be used to access an overview of notes, contacts, schedules, tasks and possibly even emails that have been previously opened using Spotlight – but users cannot open any of the displayed results.
However, if an app was open when the screen was locked, there can be more of a problem. If the built-in Mail app was open, anyone who bypasses the passcode lock can view all of the emails in the open folder; The H's associates at heise Security even managed to send new emails during testing. It is also possible to change or delete a number of settings and accounts if the iOS settings were open when the screen was locked.
Until Apple remedies the issue with an update to iOS, users can disable "iPad Cover Lock / Unlock" under Settings > General. The opening and closing of the magnetic Smart Cover will then no longer affect an iPad 2, but the workaround comes with the loss of this convenient feature. The vulnerability only affects the magnetic locking mechanism in iPad 2 under iOS 5; it is yet not clear if older versions of iOS are also affected. Apple has been informed of the problem.
A number of vulnerabilities in the iOS passcode lock that allowed access to user data have previously been found; Apple released updates to address those issues shortly after they were made public. The passcode offers only limited protection if an iOS device falls into the wrong hands. While it can be annoying to use a long alphanumeric password for the passcode lock, a difficult-to-guess password makes it considerably harder to break into a device and gain access to passwords stored in the keychain and in encrypted app data. If a user loses their device they can always use the "Remote Wipe" option in the Find My iPhone/iPad web interface to delete the data, preventing it from falling into the wrong hands.
- iOpener - How safe is your iPhone data?, a feature from The H.
- Three iPhone and iPad security tips, a feature from The H.