Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

iPad 2 password override flaw

not able to recreate this on my ipad2 4.3.3

i don't think it matters but am using a complex passcode, not the simple one shown in the video.
 
May I add, you can read certain contacts details through Spotlight Search, including when using this method to open an iPad.
 
Eddy Munn said:
May I add, you can read certain contacts details through Spotlight Search, including when using this method to open an iPad.
Click to expand...

What really can be done with access to contacts via physical access to a device?

Most likely any scenario could just as likely occur without contacts being exposed via such a device.

If the vulnerability is the type that can be exploited by a worm such that the contact info can be used to propagate the worm, then disclosure of those contacts is an issue not because of the specific info in the contacts but because of the fact that the contact info, such as email addresses, can be used by the worm to propagate more effectively.

Emails are more likely to be trusted if the source of the email is someone the user knows so spreading a worm or phishing emails using contact info is more effective.

This isn't that type of vulnerability.
 
This flaw is flawed.

How many people actually hold the power button until the slider appears and then just close the smart cover without powering down the iPad? My guess is no one.

This is not really an issue.

By the way, I can recreate this on my iPad 2 on IOS4.
 
CactusHawk said:
How many people actually hold the power button until the slider appears and then just close the smart cover without powering down the iPad? My guess is no one.

This is not really an issue.

By the way, I can recreate this on my iPad 2 on IOS4.
Click to expand...

this is so full of fail I don't even know where to begin
 
CactusHawk said:
Can you explain why this is full of fail?
Click to expand...

I think that you believe the iPad has to be locked with the screen showing the power off slider.

This isn't the case. The iPad only has to be locked, then the power off screen is subsequently used in the lock bypass.

An attacker could use this method to get some access to the iPad regardless of the method used not being a typical set of actions performed on the iPad.

The risks after bypassing the lock are largely mitigated by the limited access that is granted after the bypass.
 
munkery said:
I think that you believe the iPad has to be locked with the screen showing the power off slider.

This isn't the case. The iPad only has to be locked, then the power off screen is subsequently used in the lock bypass.

An attacker could use this method to get some access to the iPad regardless of the method used not being a typical set of actions performed on the iPad.

The risks after bypassing the lock are largely mitigated by the limited access that is granted after the bypass.
Click to expand...

That's not what they show in the OP's link...unless I'm missing something. I'll watch it again.

Thanks for the effort. Much better than "full of fail".

Edit**. Ok so I re-watched the link. Your right. Don't know what I thought I saw the first time. Thanks again for the clarification.
 
Last edited:
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back