A woman in China got an unwelcome surprise after giving her iPhone to her toddler in January. According to a media report cited by the South China Morning Post, she grabbed it back to find that it was disabled for some 25 million minutes—roughly 47 years—presumably due to a truly heroic number of incorrect PIN attempts. As a result, she was left with two options: wait for the timer to tick down or wipe her phone.

Such lockouts are a built-in feature in iOS, designed to prevent bad actors from breaking into phones with the help of software or machinery that could brute-force a four-digit PIN in short order. According to Apple's documentation, a device becomes "disabled" after six consecutive incorrect PIN attempts. Optionally, users can enable a feature that will actually delete the phone's data after 10 incorrect attempts. In this case, the child evidently tried a whole lot more than 10 incorrect PINs, disabling the phone and adding time to its countdown timer with each one. We've reached out to Apple to see if a total of 25 million minutes or more is, in fact, technically possible without modified hardware or software. While incidents like this are obviously rare, they do appear to be possible.

When the woman went to an Apple store for help, she was reportedly told to wait out the time or wipe her phone and start fresh. A tough choice, but one born of actual good security; there's no backdoor, for better or for worse.

Source: South China Morning Post via 9 to 5 Mac