Ipad Lock-out for 48 Years ( 25,536,442 min)????

Question

Level 1

8 points

Ipad Lock-out for 48 Years ( 25,536,442 min)????

For those of us who have seen the news (or not) TL;DR: 3 year old locks iPad for 48 years by inputting wrong password/code multiple times.

What is boggling my mind is how this actually occurred.

First, we know that the 10 tries till complete erasure must have been turned off thus allowing an 'infinite' number of failed attempts to take place.

My question is the following... what were the disabled 'try again in' time lengths that came prior to 48 years. I am familiar with the 15 secs, 1 min, 15 min, 1 hour disabled lock-out periods before one can try again....

What is really getting to me is should that pattern continue, even if exponential, there would still have to be a point where the iPad was disabled for a period of days, then months, and then years (each with yet another successive failed attempt). This is the only way I can conceive of the lock-out period achieving such a high number.

Can someone @ Apple or someone with knowledge of how the disabled/lock-out sequence works (with the 10 times max erase off). Something doesn't quite add up here.

Posted on Apr 9, 2019 7:32 PM

Reply

Answer 1

Best reply

MacR3x Author

Level 1

8 points

Apr 9, 2019 8:19 PM in response to ckuan

ok... all of the above understood. as a user that has always had 10x erasure activated, i don't know what happens after 10 attempts. per your response, after attempt 9 (1 hour) i am unclear what the delay time is for attempt 10,11,12, etc that would allow it to achieve a 48 year disabled time. this was apparently achieved by a 3 year old, not a brute force attacker.

i suppose i can simplify my question: how many iterations of failed inputs and associated wait times must the device have gone through in order to achieve a 48 year lock out period?

Reply

Answer 2

ckuan

Level 10

120,710 points

Apr 9, 2019 7:54 PM in response to MacR3x

FYI: This is a user to user technical forum, Apple is not here.

Delays between passcode attempts

Attempts Delay Enforced

1–4 none

5 1 minute

6 5 minutes

7–8 15 minutes

9 1 hour

The passcode is entangled with the device’s UID, so brute-force attempts must be performed on the device under attack.

A large iteration count is used to make each attempt slower. The iteration count is calibrated

so that one attempt takes approximately 80 milliseconds.

This means it would take more than five and a half years to try all combinations of a six-character alphanumeric.

Reply

Answer 3

Apr 9, 2019 8:22 PM in response to ckuan

I believe the OP's questions are rhetorical. His child didn't lock him out of an iPad for 48 years. He's asking how it could happen and he referenced a Twitter Tweet where it is alleged someones child locked them out of their iPad for 48 years.

Reply

Answer 4

MacR3x Author

Level 1

8 points

Apr 9, 2019 8:34 PM in response to lobsterghost1

correct, assuming this isn't a fraudulent incident, i am wondering what the conditions would satisfy an iPad or other Apple device locking out for that period of time. I question the validity of it even being possible as i originally stated, even with an exponential time-out period per failed attempt, it would still take many entries over (and almost more crucially) an extended period of time (i.e. one must wait until the time out period ends to enter next failed attempt).

btw... this is all over news feeds currently, i cannot speak to validity or not. i appreciate everyone's time and thoughts here, i am genuinely curious about this.

Reply