

Anyone with a smart cover can break into your iPad2 - kenjackson
http://9to5mac.com/2011/10/20/anyone-with-a-smart-cover-can-break-into-your-ipad-2/

======
scott_s
This is getting silly. Lock screens are the security equivalent of having a
screen door. They exist to keep the mildly annoying things out, but they're
not designed to prevent the _real_ baddies.

Breaking with metaphor, I don't consider it much of a security flaw if step
one is the other person has to have physical access to the device.

~~~
VMG
I think there is still a difference between circumventing security,
circumventing security without any tools and circumventing without leaving
traces.

I can't see why you can't make an iPad everything-but-screwdriver-proof.

~~~
scott_s
I'm not sure you'd want to.

Okay, let's say it's now true. So if you forget your lock screen password,
that's it, you're SOL. You bring it to the Genius bar at an Apple store. They
inform you that you're SOL and you'll need to pay $600 for a new one. Yes,
this would happen, so it's a terrible idea.

Okay, so relent a little, and let the people at the Genius bar send a special
override command that enables them to unlock the device. This would be special
in the sense that you couldn't do this at home with iTunes.

But eventually someone would reverse engineer what, exactly, that special
command is, and then regular users would be able to unlock devices on their
own. We're no longer everything-but-screwdriver-proof, but we're more secure
than before.

My question: is it worth it? I don't think so. We're still in a situation
where this is only going to be a concern when you lose your device - either
because you left it somewhere or it was stolen. But we've now introduced lots
of potential headaches for the user, for very little practical gain.

~~~
underwater
Not necessarily. There could be a unique code for each device stored at a
central location. That way unlocks could be tracked and audited.

~~~
scott_s
And those codes could leak, at which point we're back to the beginning.

But let's assume it doesn't leak. Is it worth it? Consider the enormous cost
that would be required for this: every new iPad that is manufactured would
need to be recorded in this central database. Secure access to it needs to be
set up and maintained from all Apple stores around the world. Is that worth it
for a rarely needed feature that most people don't care about?

If you instead try to do a secure hash of, say, the serial number, that's much
less cost to maintain, but that hash will almost certainly leak. (Think
DeCSS.)

------
antimora
I just tried on my iPad2 and the hack works.

------
icarus_drowning
Isn't it trivial to "fix" this by just disabling smart-cover unlocking? Isn't
that exactly why this is a user-enabled feature of the smart cover?

It isn't that I oppose viewing this as a "bug" (obviously the user is led to
believe that a password in and of itself would prevent this), but I would
think that anyone security-conscious enough to have a password _should_ be
disabling smart cover unlocking anyway...

~~~
saurik
I largely agree. That said, it is a weird default, as if you've never owned a
smart cover, it might not occur to you that there is a setting relating to it
you don't want that is defaulted to on. I mean, it seems fair to me that
someone who is "security-conscious" shouldn't be forced to examine every
single option on the device looking for a painfully insecure default.

This is typical of Apple, though: it is also fun to carry around an Apple
Remote if you know people with MacBooks. You walk up behind them, hit the menu
button, and yell "FRONT ROW!", at which point their computer (default setting:
accept any random remote) will /slowly/ fade to black, and then /slowly/ fade
into a TV-like UI the user has probably never seen before.

~~~
bonzoesc
> This is typical of Apple, though: it is also fun to carry around an Apple
> Remote if you know people with MacBooks. You walk up behind them, hit the
> menu button, and yell "FRONT ROW!", at which point their computer (default
> setting: accept any random remote) will /slowly/ fade to black, and then
> /slowly/ fade into a TV-like UI the user has probably never seen before.

It's /more/ fun to walk around with a defcon 2008 badge hacked to mash the
"menu" button ten times a second rolling through the different pairing codes
:)

~~~
scott_s
Oh, thank you. Now I'm going to do this after telling my coworkers that Siri
has been silently integrated into OSX.

~~~
bonzoesc
Lion removed Front Row, so you'll just mess up their music.

------
Groxx
Oh snap, that's bad. Given dbtc's comment, can anyone clarify if this is
4-#-bypassing or password-bypassing? Horrible either way, but wow.

~~~
X-Istence
The attacker has physical access to your device ... you have bigger problems
to worry about.

That being said, just disable the unlock with smart cover and problem solved.

~~~
pyre
The speed with which the attack can be done is really the key here. This is
less an issue of someone stealing your iPad2 and then getting access to your
personal data. This is more an issue of someone having physical access for a
couple of minutes and being able to get into and out of the device without
being detected.

~~~
X-Istence
If they have a smart cover around (if you don't own one), and if you have the
"unlock with smartcover" feature enabled.

~~~
jbri
The feature defaults to enabled. If you don't own a smart cover, would you
really look through the options for something like that and change it? Would
your Joe Average consumer?

An insecure default shouldn't be excused because you can change it - the
default configuration should be secure against such an attack.

------
dbtc
I couldn't get it to work on an iPad 2 that was locked with a character
password (the qwerty keyboard pops up).

~~~
xuki
Worked on my iPad 2 wifi with character password.

------
dvdhsu
Because the defaults allow no passcode, somebody could carry a SmartCover with
them, and break into any iPad they "borrow" for a few minutes.

------
mikemoka
So let me get this straight, being the first one a setting it wasn't a
vulnerability, instead this one is. I can't see the logic behind their
reasoning; in my opinion they are both superficial security policies (i.e.
badly set defaults).

------
Curbob
How many people start the shut down process and then close their cover? Kind
of a lame hack.

~~~
pyre
What's to stop an attacker from opening the smart cover, starting the shutdown
process, closing the smart cover, and then opening it again?

~~~
Curbob
You are completely correct (if it works that way, I'll have to try it later).

