Tuesday, January 16, 2018

iPad Erased By Too Many Failed Passcode Entries

Josh Centers:

Alas, I know this problem all too well because I have a tech-addled toddler who likes to use the iPad Lock screen as a drum, so he disables his iPad regularly. And before you ask, no, this feature is not related to the Erase Data feature in Settings > Touch ID & Passcode that erases the data on your iOS device after 10 incorrect passcode entries. This is a built-in security feature that cannot be disabled.

How many incorrect passcode entries it takes before the iPad locks is up for debate. Apple’s support document says six. In my testing, that isn’t true. It took only five tries with random passcodes to disable my iPad for 1 minute.


Once you kick off the process, it works like this: the device is disabled for 1 minute. There is no way to bypass it being disabled — you just have to sit in time out like a naughty child. Once that time is up, you get one chance to get the passcode correct or your device is disabled for 5 minutes. Get it wrong again and it’s disabled for 15 minutes! The next failure disables it for another 15 minutes. After that, 1 hour. Get it wrong one more time, and you won’t be able to get in directly on the device ever again. Your only solution at that point is to erase all content and settings and restore from backup.


Worse, this feature can render a device completely useless and potentially cause a user to lose data, if the device wasn’t set to back up or its backups were failing for some reason. I’ve never seen a non-optional security feature that could brick a consumer-level device even if an authorized user could later authenticate themselves.

Update (2018-04-07): Dave DeLong:

Working myself up to write a righteously angry blog post about how pathetically terrible the parental controls on iOS are.

This time it’s that f***ing “finish setting up your iPad” nag that tells them to set a passcode.

They set a passcode. They forget the passcode. They enter a wrong one. I now have to DFU the stupid thing and spend an hour bringing it back to life.

Meanwhile, all app data is lost

6 Comments

I don't see much of an issue with this. Presumably, this is a low-level hardware feature aimed at preventing attackers from brute-forcing passwords. Perhaps it should take a bit more to get to the point where you can't enter a password anymore, but in general, having this kind of low-level protection that can't be disabled seems like a good idea.

Lukas: I'm not very security minded, but what's wrong with continuing to allow one attempt per hour? If I did the math correctly, it would be 11.41 years to try every six digit passcode and even though you would surely find it before the very last attempt, a few years seems pretty good to me.

I think the problem is what's the point of this feature over the "wipe after x times" feature? Either way it's effectively wiped after a certain amount of failed attempts.

Either way looks like 10 is the magic number (check my math please) for the device becoming useless without a reset.

> what's wrong with continuing to allow one attempt per hour?

At some point, the device should assume that it is under attack, and just clear itself, so the attacker can't adapt strategies.
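The escalation described in the quoted post, modeled as a small state machine; this is an added example, not code from the post, its commenters, or Apple. It assumes the five-attempt threshold from the author's testing and that a correct entry resets the failure counter; `LockoutModel` and the helper names are hypothetical. It also evaluates the fixed one-attempt-per-hour alternative raised in the comments.

```python
from dataclasses import dataclass

# Schedule as described in the quoted post. FREE_ATTEMPTS follows the author's
# own testing (five); the post notes Apple's support document says six.
FREE_ATTEMPTS = 5
LOCKOUT_MINUTES = [1, 5, 15, 15, 60]  # delay after each further failure

@dataclass
class LockoutModel:  # hypothetical model, not Apple's implementation
    failures: int = 0
    locked_until: float = 0.0  # minutes on a simulated clock
    disabled: bool = False

    def attempt(self, now, correct):
        if self.disabled:
            return "disabled"
        if now < self.locked_until:
            return "wait"  # entry refused during a lockout; not counted
        if correct:
            self.failures = 0  # assumption: success resets the counter
            return "unlocked"
        self.failures += 1
        step = self.failures - FREE_ATTEMPTS  # index into the schedule
        if step >= len(LOCKOUT_MINUTES):
            self.disabled = True  # only erase-and-restore remains
            return "disabled"
        if step >= 0:
            self.locked_until = now + LOCKOUT_MINUTES[step]
        return "rejected"

def run_until_disabled():
    """Fail every entry as soon as it is accepted; return (guesses, minutes)."""
    model, now, guesses = LockoutModel(), 0.0, 0
    while True:
        guesses += 1
        if model.attempt(now, correct=False) == "disabled":
            return guesses, now
        now = max(now, model.locked_until)

def years_to_exhaust(digits, attempts_per_hour=1.0):
    """Worst-case time to try every numeric passcode at a fixed rate."""
    return 10 ** digits / attempts_per_hour / (24 * 365.25)

if __name__ == "__main__":
    guesses, minutes = run_until_disabled()
    print(f"disabled after {guesses} wrong entries, {minutes:.0f} min of lockouts")
    print(f"6 digits at 1/hour: {years_to_exhaust(6):.1f} years worst case")
```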
