Users who have a passcode on their iPad 2 running iOS 5 should be aware that in one particular circumstance, the passcode can be bypassed and allow limited access to the iPad 2 simply by using a smart cover (or any similar cover that uses Apple’s magnet-based system for waking the iPad 2 from sleep), a German Mac website reports. The passcode barrier works as expected if the iPad is simply put to sleep, but an incomplete powering-off sequence leaves the device vulnerable.
The security flaw occurs when users press and hold the sleep button to bring up the “slide to power off” screen, but fail to slide the bar to actually power the device off. If the device goes to sleep at this stage, attaching and opening (or just opening) a Smart Cover will allow a person to simply “cancel” the power-down screen, which bypasses the passcode and returns the intruder to the home screen — or any app that was left on-screen when the device entered the power-down page.
For example, if Mail was left open when the device was compromised, the intruder would be able to fully use the Mail program. Any app left on-screen when the device entered the power-down screen appears to be fully functional when the vulnerability is exploited.
Even from just the home screen, intruders can use iTunes controls, view (but not run) apps, delete or rearrange apps, use Spotlight searching, view which apps have been recently-used via the App Switcher and read the Notification Center messages. Even though the intruder has limited access, personal information and apps or their settings could be compromised in such a scenario.
While it’s quite unlikely that users would leave an iPad to go to sleep in an incomplete power-off page, the fact that it is possible to compromise the iPad 2 running iOS 5 using this technique does pose some minimal risk. Users who are concerned can simply disable Smart Cover unlocking and locking via the preferences panel until Apple issues a fix for the problem.