
Proof positive that Apple care about your security.
The password protection of an iPad 2 running iOS 5 can be circumvented in less than five seconds with just three simple steps. Bypassing the unlock screen on iPad 2 can be accomplished by first pressing the power button until the power-off screen is displayed. Users then need only to close and reopen the fondleslab's 'smart …
1) you can only access the app that was open when the cover was closed.
Obviously, I can't speak for anyone else, but I always go back to the home screen before locking mine anyway. (force of habit, OCD, whatever...)
2) only effects those who use a 'smart cover'. The smart function of which can easily be disabled in the settings. Seriously, is it that hard to press a button when you open the cover? The 3rd party cover I have _is_ 'smart' but after 5 mins of finding it wasn't very effective, I turned off the feature.
The functionality of a smart cover can be replicated with a magnet, so not having a smart cover doesn't protect you - turning off the smart cover function in the preferences is the bit that's key. (But this is old news, anyway - broken last week by other sites. That said, you'd expect perhaps a fix by now...)
O hai guise, I heard about the feature on my front door whereby anyone can get in, regardless of using the security features built in to the door (i.e. the yale lock). Here's why the vendor is still great:
1) you can only access the hall of my house. If I've left some stuff in there, then yeah, you can get to it, but since I tidy my hall up quite a bit (doesn't everyone?) this isn't an issue.
2) only AFFECTS those who use a magnet-based sensor, and not many people have those.
Stop trolling, guise - it's not that big a deal, you're just holding it wrong!
@D@v3 why is it that fanbois will always play down every Apple security issue? Just because you return to the home screen does not mean that everybody else does, more importantly it does not mean that everybody else *should*. However as a fanboi presumably you feel that Apple are infallible and users should work round security issues. Oh sorry, my bad. It's not a security issue is it? It's a feature and users who are at risk are actually doing it wrong. Or at least that's what the Big Jobs would tell us were he still around.
If Apple had coded this right you wouldn't need to work around it, would you? It's crap coding and crap testing plain and simple.
Is that the guy in the video wasn't using the device in an Apple approved manner, obviously any deviation from the device operating instructions renders the warranty null and void and will get a stern letter of warning from Apple's iLawyers (or a letter telling him that the "gestures" he used to achieve this have now been patented).
I've not watched the video, (flash issues) so don't know if it is only the home button that will relock the screen. However on iOS5 a four finger swipe up will bring up all background apps, so you could access those that way, and since once used everything stays available in the background you should get access to everything of use.
"As enterprise IT blog BringYourOwnIT.com notes, one obvious workaround would be to instruct users to close any foreground application before locking their iPad."
Trust users with security? Surely some mistake?
Just like:
- Don't leave your laptop in the boot of your car
- Don't copy customer/patient/employee data to that memory stick
- Don't read sensitive documents on the train
- Don't expose national security documents as you walk into No10
- etc ad nauseam
Alternatively,
Get Apple to fix the bloody bug PDQ and ban iPads for anything remotely sensitive until they do.
But I find it astonishing and terrifying just how often and how increasingly they are being used as proper business tools and are used to tote around really quite sensitive data more and more. Shudder ... I wouldn't even use one of these things to carry around my email or address book.
I can see a really big data infringement case soon. Of course no one will care and will carry on regardless.
Just tried it and it works. There goes our mobile data compliance.
Those saying 'it's not a big issue' - it may not be for you, or for private users, but for corporate data protection the issue is more that the hole is there at all, rather than whether the hole is used or not.
I know the iPad2 isn't an encrypted device, but it at least enforces basic Exchange rules like password protection - or, it's MEANT to.
If you have it locked on the 'home screen', a left swipe to the search allows you to see contacts with their primary phone number. And the normal searchable context.
Expect this will get patched soon enough, seems like a good test for their over the magical etherweb incremental icloud software updates.
Just press the home button before closing or turn 'iPad Cover Lock / Unlock' off for now in Settings > General.
At least Apple *will* fix it - unlike a certain Android phone I have that is locked to the network and cannot now (or will ever) be updated unless I want to root it and frig around with trying to get a newer version on.
At least you CAN unlock the phone, and it's probably fairly easily rooted, and the phone vendor won't come back and try to deliberately unroot or even brick your phone if you've rooted it.
But yeah, I guess if you're used to and really need hand holding all the time, it might be hard to understand why others might want to be allowed to cross the street on their own.
The problem is that the lockout app launches when the device is awakened, not when the device becomes idle. That creates an opportunity for things to go wrong. I've had my MacBook Pro and Galaxy SII run for several seconds unprotected because the lockout application's launch was delayed by heavy filesystem I/O.
"Those saying 'it's not a big issue' - it may not be for you, or for private users, but for corporate data protection the issue is more that the hole is there at all, rather than whether the hole is used or not."
Didn't you see this previous post:
"Just press the home button before closing or turn 'iPad Cover Lock / Unlock' off for now in Settings > General."
Simples.
Frankly with most users setting the password to 5555 or 0000 or 1234 it's unlikely to be a big issue (when of course that would give them access to the whole device and not just your Angry Birds / home screen etc.).
People make out as if this is a mega issue when not educating users about proper security - i.e. not allowing unauthorised access in the first place or setting a decent password.
Plus it will be fixed and probably pretty quickly.
I bet Apple have a patent on this and will sue the ass off anyone who dares consider implementing a security flaw. Or.. maybe they missed the opportunity and there is an opening (prior art being completely missing from the US patent system) for Samsung to patent security flaws then force Apple to drop their suits on the Galaxys. They only need to wait 5 weeks for Apple to fail yet again on the security front.
Sure, there are many ways to prevent this issue; but at the end of the day it is still an issue. Systems security is paid to prevent problems (forecast them, if you will).
In hindsight there is ALWAYS a way to get into any system/product. If your job is to PROTECT something & your measures have been found failing then it's on the Sec.
People poke holes in any/everything and at the end of the day someone has to pay for those decisions. Don't blame Microsoft or Apple. The persons that decided easy vs secure & thought they were taking the easy route are to blame.
Look to the Admins and their greasy, "keep my job because I deserve it" attitude. Truly secure products do exist, but they don't dominate the "fandom" entry level staff. Real security means people telling their bosses, staff, etc NO. That's where most IT folks fall down. They're not interested in security, or even their jobs, they just don't have the stones to say no.
I have just tested this and it is worse than just looking at the last used screen. The last screen on the iPad I just tested was the home screen. I tried to get into music but that did not work.
I then swiped back to access the search function. This allows you to search & reveal contact information and so on with any unsuspecting owner none the wiser.
My issue with this isn't in the bug itself, but how Apple missed it - Windows was inherently insecure because of the 'it's single user so let's just patch security over the top' model they used to use. If Apple are thinking the same way with this then what ELSE is inside the thousands of lines of code in there?
Mate, have you ever been involved in any sort of serious software development? It's incredibly complex, you will never get everything 100%, it just doesn't work that way.
Despite what many 'characters' on this site will tell you, the quality of Apple software is about as good as it gets. Even they miss things from time to time, just the way it is.
And before some dick jumps in and flames, I'm basing that opinion on many, many years spent coding for OSX, .NET, WIN32, UNIX, Linux, QNX, JAVA and all sorts of shit I can't even remember, so please don't bother.
The iPad (and to some degree the Android tablets) are still only overhyped toys, so anyone introducing them in an environment requiring data security and privacy needs their head examining. Sure this is a massive fail for Apple, but even if the lock worked perfectly, until they (and Android) introduce a randomising position of the keypad / swype gesture all you need to do is inspect the finger smudges on the screen to determine the access code, making these devices about as secure as the first piggie's straw house before the wolf turned up.
Yup, just about the stupidest advertising slogan ever. It was always going to lay them open to mockery every time something broke. Of course the Big Jobs was so fucking arrogant that he believed that (a) nothing Apple would ever break and (b) he could convince everybody it hadn't broken if it did.
Hmm - I was in a US iStore yesterday asking about CyberSecurity software they were selling on the shelf; the bloke basically told me not to bother with it as "nothing we sell here needs it".
So it's official, all us FanBoi's are safe from viruses, hackers, malware, trojans, etc etc - REJOICE!!!!!!
(Bootnote - I didn't get an answer to my question "well why don't you take it off the shelf then?")