Home Encryption, Passcode & Physical Security Flaws Found in iOS 5

Encryption, Passcode & Physical Security Flaws Found in iOS 5

As with the release of any new version of a major operating system, the security holes will be picked out as users get their hands on it and starting putting it through the paces. Apple’s newest iOS 5 is no different.

Chester Wisniewski of Sophos points out that iOS 5 has the same flaw in encryption that iOS 4 did. In addition, reports have surfaced that there is a flaw in iOS 5 that lets users access a password-locked iPad with one of Apple’s smart covers. Users should take note and use caution with leaving their iPads in places where a nefarious character might have physical access to it.

Wisniewski points out this sentence from the iPad Business Security document from Apple that is misleading when it comes to data encryption.

“iPad provides hardware encryption for all data stored on the device, and additional encryption of email and application data with enhanced data protection.”

Wisniewski has this to say about the encryption in iOS 5:

This type of misleading statement shows how the specific meaning of a statement might imply that all of your data is protected where the reality is the devil is in the implementation details.

iOS 5 devices have the exact same implementation flaw of the AES 256 encryption as iOS 4. While the data is encrypted, iOS provides unfettered access without knowing the passcode or possessing the encryption keys.

All media (photos, videos, sound recordings and music) can be accessed from a computer that can speak Apple’s control protocol without any authentication, even if the device is locked.

Siri Bypasses Passcode

A website called Macnotes.net noticed that a passcode-enabled iPhone running iOS 5 has a security flaw where it will allow users to return a missed mobile call with the swipe-to-call feature.

It turns out that the bypass passcode problem is not unique to returning phone calls. Siri, the personal voice activated assistant that lives in the iPhone 4S, also has been allowing users to get through the passcode without approval. Graham Cluley of Sophos said he as able to pick up a co-worker’s iPhone 4S, press the home screen button and give Siri a command. He sent an email and a text message without entering the passcode.

Smart Case Plays Dumb

An iPad 2 with a smart case will unlock itself when opened in iOS 5. Basically, if a device is in the off-ready state when the smart cover is put down, when a user takes the cover off, it will allow a person to hit the cancel button out of the off-ready screen and give it access to whatever was the last app or browser open on the iPad. Take a look at the video from 9to5 Mac below.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.