Languagesx
English Deutsch
Subscribe
Home Encryption, Passcode & Physical Security Flaws Found in iOS 5

Encryption, Passcode & Physical Security Flaws Found in iOS 5

As with the release of any new version of a major operating system, the security holes will be picked out as users get their hands on it and starting putting it through the paces. Apple’s newest iOS 5 is no different.

Chester Wisniewski of Sophos points out that iOS 5 has the same flaw in encryption that iOS 4 did. In addition, reports have surfaced that there is a flaw in iOS 5 that lets users access a password-locked iPad with one of Apple’s smart covers. Users should take note and use caution with leaving their iPads in places where a nefarious character might have physical access to it.

Wisniewski points out this sentence from the iPad Business Security document from Apple that is misleading when it comes to data encryption.

“iPad provides hardware encryption for all data stored on the device, and additional encryption of email and application data with enhanced data protection.”

Wisniewski has this to say about the encryption in iOS 5:

This type of misleading statement shows how the specific meaning of a statement might imply that all of your data is protected where the reality is the devil is in the implementation details.

iOS 5 devices have the exact same implementation flaw of the AES 256 encryption as iOS 4. While the data is encrypted, iOS provides unfettered access without knowing the passcode or possessing the encryption keys.

All media (photos, videos, sound recordings and music) can be accessed from a computer that can speak Apple’s control protocol without any authentication, even if the device is locked.

Siri Bypasses Passcode

A website called Macnotes.net noticed that a passcode-enabled iPhone running iOS 5 has a security flaw where it will allow users to return a missed mobile call with the swipe-to-call feature.

It turns out that the bypass passcode problem is not unique to returning phone calls. Siri, the personal voice activated assistant that lives in the iPhone 4S, also has been allowing users to get through the passcode without approval. Graham Cluley of Sophos said he as able to pick up a co-worker’s iPhone 4S, press the home screen button and give Siri a command. He sent an email and a text message without entering the passcode.

Smart Case Plays Dumb

An iPad 2 with a smart case will unlock itself when opened in iOS 5. Basically, if a device is in the off-ready state when the smart cover is put down, when a user takes the cover off, it will allow a person to hit the cancel button out of the off-ready screen and give it access to whatever was the last app or browser open on the iPad. Take a look at the video from 9to5 Mac below.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

tags

Related News

iPhone on a black background with a red "X"
Apple pulls WhatsApp and Threads from China’s app store
Brian-Damien Morgan
Google could launch Find My Device network in early April. A hand holding a smartphone with the Google logo magnifying glass icon overlaid on a background of concentric circles in Google's colors.
Google could launch Find My Device network in early April
Suswati Basu
Google may have fixed its Pixel scrolling issue. A smartphone displaying the Chrome logo with a graphic of a hand pointing to a downward arrow, symbolizing a scrolling action, on a vibrant Google-colored background.
Google may have fixed its Pixel scrolling issue
Suswati Basu
Apple Settles lawsuit
Apple settles lawsuit over CEO China comments
Charlotte Colombo
An illustration depicting a generic smartphone displaying a browser and various app icons, set against the backdrop of the European Union flag, symbolizing regulatory compliance and technological integration within the EU.
Apple to allow users to uninstall Safari on EU iPhones, embracing Digital Markets Act
Maxwell Nelson

Most Popular Tech Stories

Latest News

Screenshot from Tomb Raider Definitive Edition
Technology

Xbox announces first batch of Game Pass titles for May 2024
Rachael Davies21 mins

Microsoft has announced the first few titles coming to Xbox Game Pass in May of this year. As well as the previously-announced arrival of Star Wars Jedi: Survivor, Microsoft has...

Popular TopicsArrow right.svg

AI
AI
AR / VR
AR / VR
Cryptocurrency
Cryptocurrency
Gaming
Gaming
Smartphone
Smartphone
Gambling
Gambling
Wearables
Wearables
Web
Web

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.