Fri, 27 Jan 2012 How to hack an iPad

Most iPad and iPhone owners rely on their Apple ID password to prevent access to their account details. This won't stop a hacker gaining access to your personal account and log in details. Here's how to hack an iPad.

Whenever you want to change a setting on an iPad or iPhone, aside from non-critical items such as the alarm clock time or the volume, Apple prompts you to enter your Apple ID. Ideally, there will be a four-digit PIN code preventing anyone who isn’t you being able to get as far as the settings menu, but not all of us are that careful.

Here’s why you really should pay much more heed to controlling access.

Go to the App Store and click on an item to download. Assuming it costs anything at all to purchase, you’ll be prompted to enter the password for your Apple account. Do so, and then wait for the app to start installing. Return a few minutes later and you’ll be able to purchase more apps without having to type in your password again. In other words, you’ll be able to initiate more micro payments without specifically agreeing to them.

This isn’t a lot of use, but the same idea can be used to access the account, password and payment details for a user’s account. They simply need to have left their trusty iPad or iPhone unguarded on their desk for a few minutes (but not long enough for the autolock to have kicked in and a password to be required). This leaves the device open for someone to delve into the Settings menu and root around for their address, name, password reminder info and partial credit card details.

It works precisely because the same no need to re-enter a password principle applies to changes to the Settings on your iOS device itself. If the registered account holder has recently entered the necessary password, you may not need to enter your password again to get at items in the Settings menu.

Using the former scenario, we were able to delve into the Settings, Store menu on an iPad, view password prompt details and full address information for the user. We just had to click on the View Apple iD option and scroll through the information that appeared. We could then take a screengrab of the details and, from the iPad’s Photo gallery, email the screenshot to any address we wished.

At first we thought we’d just got lucky, so checked the process on another iPad, this time with an Apple ID password required to access the account settings.

It turns out that even if you click on Settings and go to the Store menu and are then prompted for a password, you’ll probably be able to get at the account holder, full address and password reminder details.

If you don’t know the password, click on the iForgot button that pops up. You’ll be taken to a landing page on the Apple site where you can either verify your details using the ID and password prompt information you provided when you created the Apple account – or you can request a reminder by email.

Do the latter and Apple will obligingly send you a link within seconds. On the two iPads we which we tried it, we were able to reset the password by following the link we were given and entering a new, strong (ie combination of upper and lower-case , numerals and letters) password.

When we returned the two iPads to our unsuspecting colleagues, one was able to reset their Apple ID by going to their account online; the other found themselves locked out of their account as they tried to reset their password on the iPad itself.

Needless to say, we showed both colleagues what we’d done and the details we’d been able to view. A four-digit PIN code would have prevented us from being able to do any of the above.