How to Hack an IPad

Prevent access with a four-digit PIN code or beware

By Rosemary Hattersley

January 27, 2012CSO — Most iPad and iPhone owners rely on their Apple ID password to prevent access to their account details. This won't stop a hacker gaining access to your personal account and log in details. Here's how to hack an iPad.

Whenever you want to change a setting on an iPad or iPhone, aside from non-critical items such as the alarm clock time or the volume, Apple prompts you to enter your Apple ID. Ideally, there will be a four-digit PIN code preventing anyone who isn't you being able to get as far as the settings menu, but not all of us are that careful.

Here's why you really should pay much more heed to controlling access.

Go to the App Store and click on an item to download. Assuming it costs anything at all to purchase, you'll be prompted to enter the password for your Apple account. Do so, and then wait for the app to start installing. Return a few minutes later and you'll be able to purchase more apps without having to type in your password again. In other words, you'll be able to initiate more micro payments without specifically agreeing to them.

This isn't a lot of use, but the same idea can be used to access the account, password and payment details for a user's account. They simply need to have left their trusty iPad or iPhone unguarded on their desk for a few minutes (but not long enough for the autolock to have kicked in and a password to be required). This leaves the device open for someone to delve into the Settings menu and root around for their address, name, password reminder info and partial credit card details.

It works precisely because the same no need to re-enter a password principle applies to changes to the Settings on your iOS device itself. If the registered account holder has recently entered the necessary password, you may not need to enter your password again to get at items in the Settings menu.

Using the former scenario, we were able to delve into the Settings, Store menu on an iPad, view password prompt details and full address information for the user. We just had to click on the View Apple iD option and scroll through the information that appeared. We could then take a screengrab of the details and, from the iPad's Photo gallery, email the screenshot to any address we wished.

At first we thought we'd just got lucky, so checked the process on another iPad, this time with an Apple ID password required to access the account settings.

Originally published on www.macworld.co.uk. Click here to read the original story.
RESOURCE CENTER