iPad 2 unlocking-by-cover vulnerability

The iPad 2 has a weird vulnerability: its PIN-based security can be bypassed by hooking up a "smart cover"


  1. This vulnerability has been publicly known for a week or two, and Apple has said that it will be fixed in iOS 5.0.1, coming soon.

  2. It Just Works[tm]. Even if you don’t want it to.

    Yes, I understand security flaws happen to everyone, and Apple isn’t pushing their “we’re invulnerable” line nearly as hard as they were over most of the last decade because they know that they don’t have obscurity on their security… but I couldn’t help it.

    1. Apple isn’t pushing their “we’re invulnerable” line nearly as hard as they were

      Apple never said that.  They said in ads that they didn’t get viruses like Windows do.  True then and still true to this day.  Macs can get trojans, but the majority of those are deflected by common sense usage of your computer (require user interaction where you download and install them yourself and most often even require you to put in your administrator password).

      Let’s see…  “iPad 2 unlocking-by-cover vulnerability”
      1) Requires physical access to said device  CHECK
      2) You don’t “catch this” by just going to a website (like on Windows).  CHECK
      3) Someone doesn’t email you an attachment and you’re hosed (like on Windows).  CHECK
      4) Still much more secure than a Windows machine.  CHECK

      Just checking.

      Meanwhile, if you’re running the latest, greatest Windows 7, be sure to turn off your ability to “just work” with true-type fonts in your software while Microsoft “just fixes” its latest round of nightmare security issues and gets a band-aid slapped on them.

      because they know that they don’t have obscurity on their security

      You mean security through obscurity?  Soundly disproven.

      Oh, and the iOS is considered by far the most secure OS for phones and tablets.  Actually, more of a proven fact over time than just a consideration…

      Android malware up 76 percent, nonexistent on iOS

      And, here’s a zinger for you… Steve Jobs has now been proven right about Flash. Adobe is discontinuing Flash for all mobile devices because it sucks so bad. Dammit, don’t you hate it when Apple knows what it’s doing?

      1. I, uh… think you took me too seriously, Cowicide. That was a little dash of snark, not the spinning up of an anti-Apple fanboy rant. :P I like OS X’s underlying security model (which is to say, UNIX’s) more than I do Windows’.

        The simple fact is that if a malicious actor has physical control of your device/box/doohickey, you can just about assume it’s going to be compromised one way or the other. I am aware of this.

        Also, iOS is more solid now, but they have had multiple serious vulnerabilities since the launch of the first iPhone. Apple also exerts more control over its platform by being almost viciously closed with tight control of the App Store. Android… yeah, anyone can write software for it, and the unfortunate side effect of that is that includes the less-nice guys too.

        Most Android malware tends to come from third-party markets that are less policed than the Google-run official Market (since that’s only available in some countries/carriers, and people using devices outside those areas have to make do with third-party services).

        But, again, I think you might’ve taken me too seriously. I have a much more nuanced view of security than “lol, Apple has no security but nobody writes malware because nobody uses Macs so nobody notices.” :P That attitude was prevalent in the early 90s but the world’s changed a lot since then.

        I have no argument against your statement regarding Flash, I’d like to point out. I am not a fan.

  3. And, the vulnerability is patched, in about two weeks.

    Not a “fanboy” mind you. Plenty of not-so-good. But Apple does well in many cases.

Comments are closed.