Encryption, Passcode & Physical Security Flaws Found in iOS 5

As with the release of any new version of a major operating system, the security holes will be picked out as users get their hands on it and starting putting it through the paces. Apple’s newest iOS 5 is no different.
Chester Wisniewski of Sophos [points out that iOS 5 has the same flaw in encryption that iOS 4 did](http://nakedsecurity.sophos.com/2011/10/21/ios-5-introduces-security-challenges-and-flaws/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29). In addition, reports have surfaced that there is a flaw in iOS 5 that lets users access a [password-locked iPad with one of Apple’s smart covers](http://9to5mac.com/2011/10/20/anyone-with-a-smart-cover-can-break-into-your-ipad-2/). Users should take note and use caution with leaving their iPads in places where a nefarious character might have physical access to it.
Wisniewski points out this sentence from the [iPad Business Security](http://www.apple.com/ipad/business/docs/iPad_Security.pdf) document from Apple that is misleading when it comes to data encryption.
“iPad provides hardware encryption for all data stored on the device, and additional encryption of email and application data with enhanced data protection.”
Wisniewski has this to say about the encryption in iOS 5:
> This type of misleading statement shows how the specific meaning of a statement might imply that all of your data is protected where the reality is the devil is in the implementation details.

**iOS 5 devices have the exact same implementation flaw of the AES 256 encryption as iOS 4. While the data is encrypted, iOS provides unfettered access without knowing the passcode or possessing the encryption keys.

**All media (photos, videos, sound recordings and music) can be accessed from a computer that can speak Apple’s control protocol without any authentication, even if the device is locked.

* *
**Siri Bypasses Passcode**
A website called [Macnotes.net](http://www.macnotes.net/2011/10/16/ios-5-security-issue-making-calls-without-entering-passcode/) noticed that a passcode-enabled iPhone running iOS 5 has a security flaw where it will allow users to return a missed mobile call with the swipe-to-call feature.
It turns out that the bypass passcode problem is not unique to returning phone calls. Siri, the personal voice activated assistant that lives in the iPhone 4S, also has been allowing users to get through the passcode without approval. [Graham Cluley of Sophos](http://nakedsecurity.sophos.com/2011/10/19/siri-iphone-4s-unlocked/?utm_source=twitter&utm_medium=gcluley&utm_campaign=naked%2Bsecurity) said he as able to pick up a co-worker’s iPhone 4S, press the home screen button and give Siri a command. He sent an email and a text message without entering the passcode.
**Smart Case Plays Dumb**
An iPad 2 with a smart case will unlock itself when opened in iOS 5. Basically, if a device is in the off-ready state when the smart cover is put down, when a user takes the cover off, it will allow a person to hit the cancel button out of the off-ready screen and give it access to whatever was the last app or browser open on the iPad. Take a look at the video from 9to5 Mac below.