iPad 2 password override flaw

Discussion in 'iPad' started by Brows, Oct 20, 2011.

  1. Brows macrumors member

    Jul 16, 2010
  2. this is funah macrumors 6502

    this is funah

    Oct 13, 2005
    Berlin, Germany
    great share... somebody report this to apple yet? this needs to be fixed asap.
  3. AFPoster macrumors 65816

    Jul 14, 2008
    Charlotte, NC
  4. anthdci macrumors 6502

    Jun 8, 2009
    I think this only affects iOS5. My iPad2 on 4.3.3 doesn't let you do this...
  5. braaains macrumors newbie

    Aug 31, 2011
    same here, doesnt work on my 4.3.3 ipad 2
  6. bufffilm Suspended


    May 3, 2011
    not able to recreate this on my ipad2 4.3.3

    i don't think it matters but am using a complex passcode, not the simple one shown in the video.
  7. doboy macrumors 68000

    Jul 6, 2007
    At least now they can quickly fix it with a delta update.
  8. munkery macrumors 68020


    Dec 18, 2006
  9. Eddy Munn macrumors 6502

    Eddy Munn

    Dec 27, 2008
    May I add, you can read certain contacts details through Spotlight Search, including when using this method to open an iPad.
  10. munkery macrumors 68020


    Dec 18, 2006
    What really can be done with access to contacts via physical access to a device?

    Most likely any scenario could just as likely occur without contacts being exposed via such a device.

    If the vulnerability is the type that can be exploited by a worm such that the contact info can be used to propagate the worm, then disclosure of those contacts is an issue not because of the specific info in the contacts but because of the fact that the contact info, such as email addresses, can be used by the worm to propagate more effectively.

    Emails are more likely to be trusted if the source of the email is someone the user knows so spreading a worm or phishing emails using contact info is more effective.

    This isn't that type of vulnerability.
  11. CactusHawk macrumors regular

    Oct 9, 2009
    This flaw is flawed.

    How many people actually hold the power button until the slider appears and then just close the smart cover without powering down the iPad? My guess is no one.

    This is not really an issue.

    By the way, I can recreate this on my iPad 2 on IOS4.
  12. thesiren macrumors 6502a


    Mar 7, 2011
    outer space
    this is so full of fail I don't even know where to begin
  13. CactusHawk macrumors regular

    Oct 9, 2009
    Can you explain why this is full of fail?
  14. munkery macrumors 68020


    Dec 18, 2006
    I think that you believe the iPad has to be locked with the screen showing the power off slider.

    This isn't the case. The iPad only has to be locked, then the power off screen is subsequently used in the lock bypass.

    An attacker could use this method to get some access to the iPad regardless of the method used not being a typical set of actions performed on the iPad.

    The risks after bypassing the lock are largely mitigated by the limited access that is granted after the bypass.
  15. CactusHawk, Oct 23, 2011
    Last edited: Oct 23, 2011

    CactusHawk macrumors regular

    Oct 9, 2009
    That's not what they show in the OP's link...unless I'm missing something. I'll watch it again.

    Thanks for the effort. Much better than "full of fail".

    Edit**. Ok so I re-watched the link. Your right. Don't know what I thought I saw the first time. Thanks again for the clarification.

Share This Page