For a while now, users had the chance to test drive iOS 5 and to look for flaws and ways to address them. Besides new exciting features, iOS 5 is hiding a few security weak points.
First, iOS 5 seems to have the same encryption weakness that concerned iOS 4 users a year ago. But, when explaining “iPad in Business: Security” Apple points out that “iPad provides hardware encryption for all data stored on the device, and additional encryption of email and application data with enhanced data protection.” The phrase might lead us to believe that all data on an iPad is protected. However, Chester Wisniewski, from technology website NakedSecurity, noticed that iOS 5 and iOS 4 share the same implementation flaw of the AES 256 encryption.
This means that all videos, photos, and music stored on a locked iOS device can be accessed from a computer compatible with Apple control protocol, without the need for authentication.
iOS 5 Security Flaws
In addition, an iPad 2 using a Smart Cover has another security loophole. According to a video recently published on 9to5Mac website, a Smart Cover unlocks the iPad, but the nosy intruder won’t have access to all the data stored on the tablet. The only information available for this unauthorised curiosity is the one from the screen iPad 2 was locked on. This could turn into a problem if the owner last visited Mail, Contacts, Messages, Safari or even Maps.
If the iPad 2 was locked on Home screen, the intruder can browse through apps without opening them and use the multitasking bar to control media. A forum user warns that even in this case, the prowler can search for keywords and read messages from spotlight, or even worse, he/she can delete apps. 9to5Mac suggest a solution to ensure the confidentiality of data: “you can temporarily fix this bug by disabling Smart Cover unlocking in the iPad 2 settings menu under the General tab.”
Security Issues with Siri
If this doesn’t seem to encourage the sneaks enough, Siri gets pretty friendly with the iPhone 4S user. According to MacNotes.de Siri bypasses passcode for almost any purpose.
But the problem is bad enough without Siri interfering. Theoretically any iPhone 3GS, 4 or 4S running on iOS 5 and with Passcode enabled should provide perfect security for placing calls. However, the new feature “slide to call” allows everyone to call back any missed calls without the need to unlock the screen.
To address the situation MacNotes.de suggests: “Press the Home button while your iPhone dials the number and you’re at the “standard” lock screen. The only difference is the name of your contact (or the number) where date and time usually are. If your recepient denies the call, you’ll receive the message “User Busy”.
The “slide to unlock” control will turn into a “slide to call back” control. Doing so WILL ask you for your Passcode.”
To make the matter worse, Siri will almost never ask for a passcode before reading contact information, sending messages or placing calls. This time, the solution comes from a forum, where David Cackette who suggests sending Siri to sleep when she risks becoming to chatty with the strangers:
“Settings > General > Passcode Lock > Siri (set to off)”.
As the flaws surface the blogosphere users seem to demand more and more a iOS 5.1 to be released soon.