iPad 2 iOS 5 Lock Screen Bypass Vulnerability
Marc Gurman at 9to5Mac has discovered a vulnerability on the iPad that allows for a limited bypass of the device's lockscreen. Anyone with an iPad Smart Cover can gain access to the previously-open app (or the home screen if no app was open).
By holding the power button to bring up the 'Power Off' screen, closing the smart cover, re-opening it, and clicking cancel, the attacker will be dropped into the screen that was open before the iPad was locked. If the attacker gets dropped into the home screen, then they'll be able to see the installed apps, but won't be able to open anything. If Safari or Mail (or any other app) was the open when the device was locked, then the attacker would have access to that app.
From a locked iPad 2:
1) Lock a password protected iPad 2
2) Hold down power button until iPad 2 reaches turn off slider
3) Close Smart Cover
4) Open Smart Cover
5) Click cancel on the bottom of the screen
This isn't the first security issue Apple has experienced since rolling out iOS 5. On the brand new iPhone 4S it has been discovered you can use Siri when a device is locked. Even if a passcode is required, Siri doesn't care and allows you to carry out functions such as sending email and text messages.
Protection Against the iPad 2 Lock Screen Bypass:
For the time being, iPad 2 users are encouraged to disable the "Smart Cover unlocking" feature found in Settings > General.
Marc Gurman at 9to5Mac has discovered a vulnerability on the iPad that allows for a limited bypass of the device's lockscreen. Anyone with an iPad Smart Cover can gain access to the previously-open app (or the home screen if no app was open).
By holding the power button to bring up the 'Power Off' screen, closing the smart cover, re-opening it, and clicking cancel, the attacker will be dropped into the screen that was open before the iPad was locked. If the attacker gets dropped into the home screen, then they'll be able to see the installed apps, but won't be able to open anything. If Safari or Mail (or any other app) was the open when the device was locked, then the attacker would have access to that app.
From a locked iPad 2:
1) Lock a password protected iPad 2
2) Hold down power button until iPad 2 reaches turn off slider
3) Close Smart Cover
4) Open Smart Cover
5) Click cancel on the bottom of the screen
This isn't the first security issue Apple has experienced since rolling out iOS 5. On the brand new iPhone 4S it has been discovered you can use Siri when a device is locked. Even if a passcode is required, Siri doesn't care and allows you to carry out functions such as sending email and text messages.
Protection Against the iPad 2 Lock Screen Bypass:
For the time being, iPad 2 users are encouraged to disable the "Smart Cover unlocking" feature found in Settings > General.
