iPad 2 password override flaw

Discussion in 'iPad' started by Brows, Oct 20, 2011.

  1. Brows macrumors member

    Joined:
    Jul 16, 2010
  2. this is funah macrumors 6502

    this is funah

    Joined:
    Oct 13, 2005
    Location:
    Berlin, Germany
    #2
    great share... somebody report this to apple yet? this needs to be fixed asap.
     
  3. AFPoster macrumors 65816

    Joined:
    Jul 14, 2008
    Location:
    Charlotte, NC
  4. anthdci macrumors 6502

    Joined:
    Jun 8, 2009
    #4
    I think this only affects iOS5. My iPad2 on 4.3.3 doesn't let you do this...
     
  5. braaains macrumors newbie

    Joined:
    Aug 31, 2011
    #5
    same here, doesnt work on my 4.3.3 ipad 2
     
  6. bufffilm macrumors 68040

    bufffilm

    Joined:
    May 3, 2011
    #6
    not able to recreate this on my ipad2 4.3.3

    i don't think it matters but am using a complex passcode, not the simple one shown in the video.
     
  7. doboy macrumors 68000

    Joined:
    Jul 6, 2007
    #7
    At least now they can quickly fix it with a delta update.
     
  8. munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #8
  9. Eddy Munn macrumors 6502

    Eddy Munn

    Joined:
    Dec 27, 2008
    #9
    May I add, you can read certain contacts details through Spotlight Search, including when using this method to open an iPad.
     
  10. munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #10
    What really can be done with access to contacts via physical access to a device?

    Most likely any scenario could just as likely occur without contacts being exposed via such a device.

    If the vulnerability is the type that can be exploited by a worm such that the contact info can be used to propagate the worm, then disclosure of those contacts is an issue not because of the specific info in the contacts but because of the fact that the contact info, such as email addresses, can be used by the worm to propagate more effectively.

    Emails are more likely to be trusted if the source of the email is someone the user knows so spreading a worm or phishing emails using contact info is more effective.

    This isn't that type of vulnerability.
     
  11. CactusHawk macrumors regular

    Joined:
    Oct 9, 2009
    #11
    This flaw is flawed.

    How many people actually hold the power button until the slider appears and then just close the smart cover without powering down the iPad? My guess is no one.

    This is not really an issue.

    By the way, I can recreate this on my iPad 2 on IOS4.
     
  12. thesiren macrumors 6502a

    thesiren

    Joined:
    Mar 7, 2011
    Location:
    outer space
    #12
    this is so full of fail I don't even know where to begin
     
  13. CactusHawk macrumors regular

    Joined:
    Oct 9, 2009
    #13
    Can you explain why this is full of fail?
     
  14. munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #14
    I think that you believe the iPad has to be locked with the screen showing the power off slider.

    This isn't the case. The iPad only has to be locked, then the power off screen is subsequently used in the lock bypass.

    An attacker could use this method to get some access to the iPad regardless of the method used not being a typical set of actions performed on the iPad.

    The risks after bypassing the lock are largely mitigated by the limited access that is granted after the bypass.
     
  15. CactusHawk, Oct 23, 2011
    Last edited: Oct 23, 2011

    CactusHawk macrumors regular

    Joined:
    Oct 9, 2009
    #15
    That's not what they show in the OP's link...unless I'm missing something. I'll watch it again.

    Thanks for the effort. Much better than "full of fail".

    Edit**. Ok so I re-watched the link. Your right. Don't know what I thought I saw the first time. Thanks again for the clarification.
     

Share This Page