9 to 5 Mac is reporting that a vulnerability exists that allows anyone with a Smart Cover to bypass the passcode lock on an iPad 2 with iOS 5 and possibly with versions as old as iOS 4.3. iSource has verified that the problem does indeed exist.
The hack works like this:
- Take a locked, passcode-protected iPad, and wake it up, but do not enter a passcode
- Hold the power button until the “Swipe to turn off” button appears.
- Close the Smart Cover (or use a magnet)
- Open the Smart Cover
- Hit “Cancel” at the bottom of the screen (to cancel the shutdown)
You will be left at whatever screen the iPad was on when it was locked. And there’s the problem; if it was the mail app, the attacker can use the mail app just as the owner would. Ditto for any other app. If it’s left on the home screen, the attacker can browse through the installed applications, but cannot launch any of them.
At this time, pending whatever fix Apple might introduce to fix this bug, you have two workarounds:
- Disable the option to unlock the iPad with the Smart Cover in Settings
- Always go to the Home Screen before you put down/lock your iPad
Option number 2, of course, assumes that you don’t care if anyone sees what apps you have installed. You don’t, right?