Most iPad and iPhone owners rely on their Apple ID password to prevent access to their account details. This won't stop a hacker gaining access to your personal account and log in details. Here's how to hack an iPad.
Prevent access with a four-digit PIN code or beware
Whenever you want to change a setting on an iPad or iPhone, aside from non-critical items such as the alarm clock time or the volume, Apple prompts you to enter your Apple ID. Ideally, there will be a four-digit PIN code preventing anyone who isn’t you being able to get as far as the settings menu, but not all of us are that careful.
Here’s why you really should pay much more heed to controlling access.
Go to the App Store and click on an item to download. Assuming it costs anything at all to purchase, you’ll be prompted to enter the password for your Apple account. Do so, and then wait for the app to start installing. Return a few minutes later and you’ll be able to purchase more apps without having to type in your password again. In other words, you’ll be able to initiate more micro payments without specifically agreeing to them.
This isn’t a lot of use, but the same idea can be used to access the account, password and payment details for a user’s account. They simply need to have left their trusty iPad or iPhone unguarded on their desk for a few minutes (but not long enough for the autolock to have kicked in and a password to be required). This leaves the device open for someone to delve into the Settings menu and root around for their address, name, password reminder info and partial credit card details.
It works precisely because the same no need to re-enter a password principle applies to changes to the Settings on your iOS device itself. If the registered account holder has recently entered the necessary password, you may not need to enter your password again to get at items in the Settings menu.
Using the former scenario, we were able to delve into the Settings, Store menu on an iPad, view password prompt details and full address information for the user. We just had to click on the View Apple iD option and scroll through the information that appeared. We could then take a screengrab of the details and, from the iPad’s Photo gallery, email the screenshot to any address we wished.
At first we thought we’d just got lucky, so checked the process on another iPad, this time with an Apple ID password required to access the account settings.
It turns out that even if you click on Settings and go to the Store menu and are then prompted for a password, you’ll probably be able to get at the account holder, full address and password reminder details.
If you don’t know the password, click on the iForgot button that pops up. You’ll be taken to a landing page on the Apple site where you can either verify your details using the ID and password prompt information you provided when you created the Apple account – or you can request a reminder by email.
Do the latter and Apple will obligingly send you a link within seconds. On the two iPads we which we tried it, we were able to reset the password by following the link we were given and entering a new, strong (ie combination of upper and lower-case , numerals and letters) password.
When we returned the two iPads to our unsuspecting colleagues, one was able to reset their Apple ID by going to their account online; the other found themselves locked out of their account as they tried to reset their password on the iPad itself.
Needless to say, we showed both colleagues what we’d done and the details we’d been able to view. A four-digit PIN code would have prevented us from being able to do any of the above.
Comments
Rosemary Hattersley said: Youre absolutely right - taking advantage of the fact theres no password required isnt hacking But the fact that the password can be changed so easily because Apple Mail conveniently emails a reminder that pops up and allows you to change the credentials is rather a flaw
Johnyboy said: imaginarynumberJohn Lewis are an exception in that the staff are partners or effectively shareholders and the profit that would be a dividend in other companies and go to shareholders goes to the partners instead so it is not a bonus Of course they are retail but nevertheless sell Apple products so from your point of view could be the same as Apple Should they try to redistribute their profits down the chain also and not to their UK staff You see the problems dont you
Johnyboy said: Try running a manufacturing company in this country with the EU regulations versus the likes of China and India as I have and then come back I think your views would be materially alteredIf you have time see my comments on this PCA blog Apple accused of ignoring human cost of product manufactureAgain this fanbois attitude I am not a particular fan of Apple I just appreciate when a company runs well and is dare I say it profitable And bear in mind they do employ many young people in their UK shops which is particularly important at the moment
imaginarynumber said: Mv venom Vs your fanboismNormal people know little about security They adopt a why should we approachthey want simplicity and ease of use I get thatThe problem is that when you have uneducated fanbois claiming that a given platform is bullet proof free from virus etc the average punter starts to believe them For the record do you want to comment on the severe security issues that I mentionedIn response to the apple bashing claim- I do dislike what they have done to the phone app model Im not sure that i hate them but I do get cheesed off at the way that the AppleCultists and much of the press treat Apple if they can do no wrongApple are not perfect their products are not perfect perfection is unobtainableBTW exactly how should business be run- perhaps rewarding the people that make you your abnormal profits might be a starter repatriating those profits so that you pay taxes on them might be another putting less pressure on your suppliers so that they treat their staff better Fair play and profits are not mutually exclusive Look at John Lewisdont you even get it now
imaginarynumber said: Sorry WhoCares- I jumped to conclusions
Whocares said: How is that an appropriate response to my comment I wasnt defending or attacking apple All I was stating is that it is incorrect to use the term hacking to refer to accessing an unsecured device It is the same as people claiming that their Facebook account was hacked because they neglected to log out before leaving the computer
Johnyboy said: Oh dear Yet more Apple Bashing dont you get it even now Apple are a successful company because they work their business in a way that normal people actually like and produce kit that normal people actually like to useYes they are more expensive than many but look at their services and high quality and please LEARN a thing or two about how a business should be run before spitting out all your childish venom
imaginarynumber said: yeah- cause everyone knows that apple is king of security kind to Chinese workers love all their customers and saved the world by sending their son to die for our sinsBesides I personally preferred the whooping security flaw that allowed people to access content on a locked iPad by pressing a few buttons or equally impressive is the fact that apple have already allowed at least one piece of malware get into the app store and that it was there for months until the developer fessed upThe Occupy Wall Street brigademust be preying that more large corporationsstart rolling out iPads
Whocares said: Accessing a device that doesnt prompt for a password has absolutely nothing to do with hacking