Apple iOS: “Try again in 40 years…”

 

Whoop whoop, big surprise, there’s a BUG in this operating system! Apple iOS on the iPad, iPhone, iPod Touch, and iToilet have all been reported to do this once in a blue moon. Apparently it’s a result of a login failure followed by the system realtime clock resetting back to 0 seconds after Jan 1, 1970, 00:00:00 UTC.

At least on the desktop Mac OS X, a warning is thrown and sensible measures are taken to prevent meltdown when the system time gets lost like this. On the iBaubles, though, you may be faced with this: “iPhone / iPod / iPad is disabled, try again in 23,000,000+ minutes (about 40 years)”.

This would indicate that the login system is basically just doing something like this: if the password entered is invalid, it adds 60 seconds (or whatever) to the current time in seconds since January 1, 1970, then sets that as a deadline before which you cannot login again. Unfortunately this is stored in nonvolatile storage somewhere, but the time can still be lost by a loss of power, and no sanity check is present to reset the timeout if the system time is lost. (A much better method would be to just check the kernel’s register for system uptime!!) Since NONE of the Apple devices have user-replaceable batteries, this wouldn’t exactly be defeating the security granted by slowing down an attacker trying multiple passwords on the device.
IMAG4769_1[1]

 

The solutions:

* Get the time set on the device again. Either move into range of a WiFi network the device previously recognizes, or into range of a cellular signal in the case of an iPhone or 3G/4G connected iPad. Upon reestablishing connection, the device may reset its clock and allow login again.

* Reset completely and restore from DFU mode. You will lose anything stored on the device…. but it’ll be unbricked.
DFU mode instructions here.

Gee, is it any wonder why I prefer Android? 😉

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.