Some high-tech hacks involve hiding intricate lines of malicious code in Web pages, or tapping into a smartphone's accelerometer to track keystrokes, or inserting a microcontroller inside a desktop mouse. Others, like a new attack on Apple's wildly popular iPad 2, are much more simple, but just as scary.
The attack exploits a security bug in the iPad 2 and enables anyone to gain access to the device even if its rightful owner locked and protected it with a passcode. In a YouTube video, SecurityNewsDaily managing editor Paul Wagenseil demonstrated the technique, which uses nothing more than a Smart Cover, an Apple product that functions as a cover and stand for the iPad but also puts it to sleep when it's laid flat on the device.
In the video, Wagenseil locks the iPad and holds down the power button until it's off and the screen displays the "turn off" slider. He closes the Smart Cover, then removes it and clicks "cancel" at the bottom of the screen. The screen suddenly springs to life and Wagenseil has access to whatever app was running when the iPad went to sleep. (The Smart Cover can also be replaced with a refrigerator magnet to perform the same attack, MSNBC reported.)
"I'm in his email, I can go through his email, I can compose an email, I can read all his email, I can delete all his email, I can do whatever i want," Wagenseil says in the video.
The flaw was first reported by Mark Gurman with 9to5Mac, who explained that the attacker who unlocks the iPad 2 will not have complete access to the iPad, but will be able to gain entrance to whatever was running when the device was locked.
So, if the last thing you were doing on your iPad was playing a video game, this isn't too worrying. But, as Gurman said in his own video demonstration, "The issue really gets horrible if you have Mail or Safari or something of that nature open."
Gurman wrote that the issue occurs in iOS 5, "but we're hearing uncorroborated reports of it also working in earlier versions of iOS 4.3."
There is a solution to keep your iPad 2 protected from the Smart Cover attack. In the settings menu under the "General" tab, disable "Smart Cover Unlocking" to prevent someone from using a Smart Cover to get around your password.