back to article 5 SECONDS to bypass an iPad 2 password

The password protection of an iPad 2 running iOS 5 can be circumvented in less than five seconds with just three simple steps. Bypassing the unlock screen on iPad 2 can be accomplished by first pressing the power button until the power-off screen is displayed. Users then need only to close and reopen the fondleslab's 'smart …

COMMENTS

This topic is closed for new posts.

Page:

  1. Pink Duck
    Meh

    Proof positive that Apple care about your security.

    1. Ammaross Danan
      FAIL

      Patch

      They'll likely patch it...about as quickly, and accurately as they did with the Daylight Savings Time shifts....

    2. Scorchio!!
      Happy

      "Proof positive that Apple care about your security."

      But Apple products do not have security problems. Security problems are for Pee Cee's! If only Steve Jobs were here to answer a few questions about this.

  2. D@v3
    Meh

    only a minor issue, really.

    1) you can only access the app that was open when the cover was closed.

    Obviously, I can't speak for anyone else, but i always go back to the home screen before locking mine anyway. (force of habit, OCD, what ever...)

    2) only effects those who use a 'smart cover'. The smart function of which can easily be disabled in the settings. Seriously, is it that hard to press a button when you open the cover? The 3rd party cover i have _is_ 'smart' but after 5 mins of finding it wasn't very effective, i turned off the feature.

  3. Tim Brown 1
    Facepalm

    Great...

    So Apple go to great lengths to secure the iPad so that we can't (legitimately) run customised software on it then make a total screwup of proper security for our data.

  4. Graeme 7
    Coffee/keyboard

    4 finger swipe?

    I've not watched the video, (flash issues) so don't know if it is only the home button that will relock the screen. However on iOS5 a four finger swipe up will bring up all background apps, so you could access those that way, and since once used everything stays available in the background you should get access to everything of use.

    1. Phil Endecott Silver badge

      Re: only a minor issue, really.

      > only effects those who use a 'smart cover'

      The attacker can bring their own cover, or use a magnet.

    2. Anonymous Coward
      Stop

      Not necessarily...

      The functionality of a smart cover can be replicated with a magnet, so not having a smart cover doesn't protect you - turning off the smart cover function in the preferences is the bit that's key. (But this is old news, anyway - broken last week by other sites. That said, you'd expect perhaps a fix by now...)

    3. TheOtherJola
      WTF?

      Only a minor issue, really

      O hai guise, I heard about the feature on my front door whereby anyone can get in, regardless of using the security features built in to the door (i.e. the yale lock). Here's why the vendor is still great:

      1) you can only access the hall of my house. If I've left some stuff in there, then yeah, you can get to it, but since I tidy my hall up quite a bit (doesn't everyone?) this isn't an issue.

      2) only AFFECTS those who use a magnet-based sensor, and not many people have those.

      Stop trolling, guise - it's not that big a deal, you're just holding it wrong!

      1. ShelLuser

        @Jola

        I'm missing item 3:

        3) I went into great efforts to board up all the other doors in my hallway so no one can come in or out ;-)

      2. BristolBachelor Gold badge
        Coat

        @TheOtherJola

        I seem to have misunderstood your post. Are you saying that you accidentally superglued the key into your front-door Yale lock, so anyone can open it?

    4. Colin Millar

      Congratulations

      You have just won first prize in the sycophant of the year competition

    5. Anonymous Coward
      Anonymous Coward

      Re: only a minor issue, really.

      > 1) you can only access the app that was open when the cover was closed.

      That is still one app too many.

    6. jubtastic1

      Just tested this

      4 finger swipes don't work, so you're limited to whatever the active app was when you locked it.

      I'd expect an OTA patch for this fairly promptly.

      1. Anonymous Coward
        WTF?

        I'd expect an OTA patch for this fairly promptly.

        Ha ha ha ha ha haaaa haaaaaa.

        This is Apple we are talking about. 2nd only to Oracle when it comes to shit timescales for security issues.

      2. Afflicted.John
        Thumb Up

        OTA patch

        Would that be the functionality similar to that offered in Android? Hmmmm.....if only they could patent it?!

    7. Grease Monkey

      @D@v3 why is it that fanbois will always play down every Apple security issue. Just because your return to the home screen does not mean that everybody else does, more importantly it does not mean that everybody else *should*. However as a fanboi presumably you feel that Apple are infallible and users should work round security issues. Oh sorry, my bad. It's not a security issue is it? It's a feature and users who are at risk are actually doing it wrong. Or at least that's what the Big Jobs would tell us were he still around.

      If Apple had coded this right you wouldn't need to work around it would you. It's crap coding and crap testing plain and simple.

    8. Ian Yates
      WTF?

      Four finger swipe?

      Really? At some point there are going to be too many gestures for people to remember, or they'll just be too complicated to perform.

    9. Evil Auditor Silver badge

      @Tim Brown 1

      What did you expect?! "Security focus" in Applespeak means securing Apple's business and profits. And yes, this holds true not just for Apple.

    10. Andy ORourke
      Joke

      What you are missing.......

      Is that the guy in the Video wasnt using the device in an apple aproved manner, obviously any deviation from the deivce operating instructions renders the warranty null and void and will get a stern letter of warning from Apples iLawyers (or a letter telling him that the "gestures" he used to acehive this have now been patented)

    11. relpy
      Stop

      Won't work, Apple have a patent on that kind of thing so nobody's can do that without a licence.

  5. cocknee
    FAIL

    Lame

    "As enterprise IT blog BringYourOwnIT.com notes, one obvious workaround would be to instruct users to close any foreground application before locking their iPad."

    Trust users with security? Surely some mistake?

    Just like:

    - Don't leave your laptop in the boot of your car

    - Don't copy customer/patient/employee data to that memory stick

    - Don't read sensitive documents on the train

    - Don't expose national security documents as you walk into No10

    - etc ad nauseum

    Alternatively,

    Get Apple to fix the bloody bug PDQ and ban iPad's for anything remotely sensitive until they do.

    1. cosymart
      Trollface

      Missed one

      Don't send your readers/users email addresses to man+dog.

      Sorry El Reg :-p

      PS not a lot of point in posting anonymously.

  6. Solly
    FAIL

    It just works....

  7. Captain Haddock
    Gimp

    All they are going to get...

    ...is my last session of Angry birds.

    Bothered.

    1. Grease Monkey

      Which tells us that you think that's all your fondleslab is good for.

  8. Anonymous Coward
    FAIL

    I mean seriously..

    Did anyone actually think the iPad2 was secure? it's hardly a business tool, it doesn't even support filesystem encryption.

    My Asus Transformer supported that since the outset, and it's a standard feature in Android 4.0.

    1. Anonymous Coward
      Anonymous Coward

      Exactly ...

      But I find it astonishing and terrifying just how often and how increasingly they are being used as proper business tools and are used to tote around really quite sensitive data more and more. Shudder ... I wouldn't even use one of these things to carry around my email or address book.

      I can see a really big data infringement case soon. Of course no one will care and will carry on regardless.

  9. Ian Ferguson
    FAIL

    Oh bollocks

    Just tried it and it works. There goes our mobile data compliance.

    Those saying 'it's not a big issue' - it may not be for you, or for private users, but for corporate data protection the issue is more that the hole is there at all, rather than whether the hole is used or not.

    I know the iPad2 isn't an encrypted device, but it at least enforces basic Exchange rules like password protection - or, it's MEANT to.

  10. hudster1969
    WTF?

    http://www.theregister.co.uk/Design/graphics/icons/comment/wtf_32.png 5 secs to unlock it but 1min 22secs to listen to some arse talk about it.

  11. JFK
    FAIL

    First iOS patch over the air incoming soon i guess

    If you have it locked on the 'home screen'. A left swipe to the search allows you to see contacts with their primary phone number. And the normal search able context.

    Expect this will get patched soon enough, seems like a good test for their over the magical etherweb incremental icloud software updates.

  12. Anonymous Coward
    Anonymous Coward

    Just press the home button before closing or turn 'iPad Cover Lock / Unlock' off for now in Settings > General.

    At least Apple *will* fix it - unlike a certain Android phone I have that is locked to the network and cannot now (or will ever) be updated unless I want to root it and frig around with trying to get a newer version on.

    1. raving angry loony

      At least you CAN unlock the phone, and it's probably fairly easily rooted, and the phone vendor won't come back and try to deliberately unroot or even brick your phone if you've rooted it.

      But yeah, I guess if you're used to and really need hand holding all the time, it might be hard to understand why others might want to be allowed to cross the street on their own.

    2. alan buxey
      Flame

      no encryption

      the fact that is cant do filesystem encryption should be enough for it to fail mobile data compliance :-|

  13. Kevin McMurtrie Silver badge

    iOS, MacOS X, and Android

    The problem is that the lockout app launches when the device is awakened, not when the device becomes idle. That creates an opportunity for things to go wrong. I've had my Macbook Pro and Galaxy SII run for several seconds unprotected because the lockout application's launch was delayed by heavy filesystem I/O.

    1. Daniel B.
      Boffin

      Nice!

      That means that the Blackberry is still the only one actually caring about security. The app launches at idle time, always.

  14. Anonymous Coward
    Anonymous Coward

    Storm in a teacup - probably fixed in a matter of days and trivial compared to many of the bugs and poor security practices many companies and users have.

    1. The Indomitable Gall

      Erm... what?

      What on Earth is more trivial than being able to wake up a locked device without knowing the password?

      1. Maliciously Crafted Packet
        Gimp

        Whats more trivial? Oh I don't know...

        possibly the numerous amount of malware infested freebee apps that haunt the -quite frankly dangerous- Android Marketplace.

        You know, the ones that nick your bank account details, passwords and credit card numbers. Thats possibly more trivial.

  15. Fuh Quit
    Thumb Up

    It's not a big issue

    Honestly, it's a consumer device with ease of use first and security some way behind. It's a single user environment so security is never going to be that hot.

    1. Grease Monkey

      You might think it's a consumer device. Unfortunately I doubt many senior managers will agree with you. Senior management like their toys and want to use them for corporate tasks and the IT department never have the power to tell them no.

      1. Fuh Quit
        Thumb Up

        I know, I know

        I'm one of the people telling them No (or at least what they can and can't do).

  16. Anonymous Coward
    Anonymous Coward

    Where is iSecure?

    Apple really are embarrassing when it comes to security, especially when you consider that they're built on a BSD heritage.

    The changes are obviously all fluff and no substance, like the girl that looks great but struggles to add 2+2.

  17. Anonymous Coward
    Anonymous Coward

    "Those saying 'it's not a big issue' - it may not be for you, or for private users, but for corporate data protection the issue is more that the hole is there at all, rather than whether the hole is used or not."

    Didn't you see this previous post:

    "Just press the home button before closing or turn 'iPad Cover Lock / Unlock' off for now in Settings > General."

    Simples.

  18. Anonymous Coward
    Anonymous Coward

    Frankly with most users setting the password to 5555 or 0000 or 1234 it's unlikely to be a big issue (when of course that would give them access to the whole device and not just your Angry Birds / home screen etc.).

    People make out as if this is a mega issue when not educating users about proper security - i.e. not allowing unauthorised access in the first place or setting a decent password.

    Plus it will be fixed and probably pretty quickly.

  19. Anonymous Coward
    Anonymous Coward

    How many people do not use password protected / encrypted USB drives?

  20. Anonymous Coward
    Anonymous Coward

    Apple Security

    It just wo.. Wait, what? You're shitting me? You're not? Scratch that...

  21. Steve Todd
    Stop

    Settings -> General -> iPad Cover Lock/Unlock

    Set to Off, wait for patch.

    Tricky one that.

  22. JassMan Silver badge
    Happy

    I bet Apple have a patent on this and will sue the ass off anyone who dares consider implementing a security flaw. Or.. maybe they missed the opportunity and there is an opening (prior art being completely missing from the US patent system) for Samsung to patent security flaws then force Apple to drop their suits on the Galaxys. They only need to wait 5 weeks for Apple to fail yet again on the security front.

  23. Solomon Grundy
    Meh

    TL/DR

    Sure, there are many ways to prevent this issue; but at the end of the day it is still an issue. Systems security is paid to prevent problems (forecast them, if you will).

    In hindsight there is ALWAYS a way to get into any system/product. If your job is to PROTECT something & your measures have been found failing then it's on the Sec.

    People poke holes in any/everything and at the end of the day someone has to pay for those decisions. Don't blame Micosoft or Apple. The persons that decided easy vs secure & thought they were taking the easy route are to blame.

    Look to the Admins and their greasy, "keep my job because I deserve it" attitude. Truly secure products do exist, but they don't dominate the "fandom" entry level staff. Real security means people telling their bosses, staff, etc NO. That's where most IT folks fall down. They're not interested in security, or even their jobs, they just don't have the stones to say no.

Page:

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019