from the time-to-rethink-how-this-works dept.
Take a 64-bit iOS device—iPhone 5S or newer, iPad Air or newer, iPad Mini 2 or newer, sixth generation iPod touch or newer—laboriously set its date to January 1, 1970, and reboot. Congratulations: you now have a shiny piece of high-tech hardware that's stuck at the boot screen, showing nothing more than the Apple logo... forever.
Posted on Reddit and subsequently demonstrated on YouTube, it appears that iOS has a rather embarrassing software flaw. Redditors testing the bug have found themselves with unusable phones, and there are reports that vandals have been resetting the clocks of display devices in Apple stores.
So far, taking advantage of this bug requires a few minutes of physical access, as it takes a while to wind the date back 46 years in the settings app. There is concern that Wi-Fi devices could be vulnerable to malicious data from NTP (network time protocol) servers. NTP is used by many operating systems to set the time and date of a device, and its data is both unencrypted and unauthenticated, making spoofing relatively straightforward. NTP clients should not generally change the time and date by such large amounts, so this may not be an issue, but iOS's behavior in this regard is currently unknown.
(Score: 0) by Anonymous Coward on Sunday February 14 2016, @05:56PM
Get the damn date systems right!
I had to handle these issue in 1982!
Switch the damn systems from a calendar that starts on Jan 1 1970 to one that started about 4000BC - astronomical calendar. Or even its little brother that started in 1970's. The difference is between them is like 100000.5 days. astronomical calendar the day changes at noon not midnight.
This issue of using a poor date routine even is in Videos and Photo storage bevuase of Apple. Took a broken system that excludes everything before JAn 1 1970 and not is standard.
Damn it Apple clean up your act.
(Score: 1) by g2 In The Desert on Sunday February 14 2016, @06:02PM
Right. Me too, I've been writing applications dealing with calendar's since the late 70's.
One question though... Why is this an issue? Do you have any need at all to set the date of a device to January 1st, 1970?
(Score: 3, Insightful) by SomeGuy on Sunday February 14 2016, @06:19PM
It is an issue because any random monkey fuck can invoke this bug, which apparently renders the iToy unusable (or more unusable than it already is).
(Score: 2) by takyon on Sunday February 14 2016, @06:25PM
Almost zero smartphone users change the date on their devices to something other than what the cell tower says it is. Little do they know that it is the secret to time travel.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 3, Informative) by SanityCheck on Sunday February 14 2016, @06:39PM
Indeed, it is also a secret to getting free stuffs in their favorite games. Wait 2 hours for 5 lives or pay 99 cents? Fuck that, just set my time +2 hours.
(Score: 2) by takyon on Sunday February 14 2016, @07:03PM
Programming like that needs a sanity check.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 0) by Anonymous Coward on Sunday February 14 2016, @08:45PM
surely there's an app for that!
(Score: 2) by legont on Sunday February 14 2016, @06:27PM
That's why smart managers continue to use Cobol in mission critical systems.
"Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
(Score: 0) by Anonymous Coward on Sunday February 14 2016, @06:41PM
It's actually not got anything to do with COBOL either. Typically the devs that can code in COBOL are better than those who don't. I've never deployed anything in COBOL, but I can write code in it. I collect languages. Be ware of the programmer who only knows how to code in the languages they were "academically" trained for.
(Score: 1) by Arik on Sunday February 14 2016, @07:08PM
I suspect it has more to do with 1) if it isn't broken don't fix it and 2) script-kiddies run from COBOL.
If I were seeking programmers I'd be tempted to advertise specifically for COBOL programmers even though I did not expect a line of COBOL to actually be used - just to narrow the field and get applications from programmers rather than script-kiddies. A good programmer will be able to learn the language you want - a typical modern script-kiddy will churn out absolute crap no matter what language they use.
If laughter is the best medicine, who are the best doctors?
(Score: 2) by Nerdfest on Sunday February 14 2016, @08:49PM
In my books, willing to program in COBOL is a huge strike against someone. It is an absolutely horrible language, and always was.
(Score: 1) by Arik on Sunday February 14 2016, @10:32PM
Use the right tool for the job is my philosophy. I've never used it at all, but if I needed to write a non-trivial database intensive business app I'd definitely go take a better look at it.
And what would you suggest instead?
If laughter is the best medicine, who are the best doctors?
(Score: 0) by Anonymous Coward on Monday February 15 2016, @03:18AM
e.g. not using a monospaced font unless it's for code or ascii art?
(Score: 0) by Anonymous Coward on Monday February 15 2016, @03:21AM
(Score: 1) by anubi on Monday February 15 2016, @04:26AM
I am still very partial to C++, libraries, and assembler if needed.
However, some applications are for rapid deployment, do not have to be elegant or concise, just timely. For those, whatever building blocks of the day.
Python comes to mind, but there are many others.
I have one set of standards I use in maintenance of a van I intend to keep the rest of my life, and the quality of workmanship on a project where the project manager is running around like he's gotta go pee big-time. For him, I want it done NOW, and tomorrow's problems come tomorrow. If he does not get it NOW, I will be looking for another job tomorrow. However, if my own stuff, I want it done right so I do not have to do it over, along with buying replacement ruined hardware.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by Runaway1956 on Sunday February 14 2016, @06:34PM
Awww, come on, man. Some people still haven't figured out the Y2K "bug". They're still picking up trash cans, looking for roach-like creatures to go scurrying away. This "bug" is much more complicated. It's going to take at least 25 years to figure it out!
(Score: 3, Interesting) by Sir Finkus on Sunday February 14 2016, @08:33PM
Time is actually pretty hard to do correctly. Here's a somewhat humorous example. [infiniteundo.com]
There are so many corner cases and exceptions to rules.
Join our Folding@Home team! [stanford.edu]
(Score: 2) by Nerdfest on Sunday February 14 2016, @08:50PM
This is pretty much the first edge case they should be testing for though.
(Score: 0) by Anonymous Coward on Sunday February 14 2016, @06:04PM
If setting the date to 01/01/1970 causes problems with the devices then don't do that.
Sure, it's your device, and you can pretend that you had an iDevice decades before they were invented. But if you know that setting the date to the Unix Epoch turns your iDevice into an iCan'tUseMyDevice then don't do it. Plain and simple.
(Score: 3, Interesting) by isostatic on Sunday February 14 2016, @06:10PM
Do iPhones sync with NTP?
Do they have checks on magnitude of changes?
If my free wifi hotspot pretends to be time.apple.com can I change passing iOS devices to 1970?
(Score: 2) by Runaway1956 on Sunday February 14 2016, @06:38PM
Is there a way to change it to something B.C? Let's keep the 1970, but make it 1970 B.C.
(Score: 0) by Anonymous Coward on Monday February 15 2016, @11:20AM
I don't know, but there's a function available, kCFAbsoluteTimeIntervalSince1904, which returns "the time interval between 1 January 1904 and the reference date 1 January 2001 00:00:00 GMT."
source: https://developer.apple.com/library/prerelease/ios/documentation/CoreFoundation/Reference/CFTimeUtils/index.html#//apple_ref/c/tdef/CFAbsoluteTime [apple.com]
(Score: 4, Funny) by Bot on Sunday February 14 2016, @08:15PM
the problem is in the boot procedure, then fix the boot procedure. The boot process can surely assume a possibly broken date. Even systemd might manage that*
(*) after a heated discussion in the bug tracker where the systemd devs argue that the problem is not systemd but the world time which is horribly broken with all those leap stuff and time zones.
Account abandoned.
(Score: 0) by Anonymous Coward on Sunday February 14 2016, @08:25PM
There is nothing wrong with systemd ... except that it's everywhere.
(Score: 4, Funny) by Nerdfest on Sunday February 14 2016, @08:50PM
Hey Siri, set date to January 1, 1970.
:)
(Score: 5, Funny) by SomeGuy on Sunday February 14 2016, @06:13PM
What time is it when your iToy says January 1, 1970?
Time to get a new one :)
you now have a shiny piece of high-tech hardware that's stuck at the boot screen, showing nothing more than the Apple logo... forever.
Or at least for the next 40 or so years
(Score: 1, Funny) by Anonymous Coward on Sunday February 14 2016, @06:46PM
So, if someone creates a router redirect from NTP servers to one that sends out the January 1, 1970 date... You get a shitload of expensive bricks?
(Score: 2) by frojack on Sunday February 14 2016, @08:13PM
The AC says:
So, if someone creates a router redirect from NTP servers to one that sends out the January 1, 1970 date... You get a shitload of expensive bricks?
I'm sure you were going for funny...
But reading the last line of the summary might have helped. If you are ONLY using one time source, you are doing it wrong. (For precisely reasons like this).
But then we don't know anything about the use of NTP in IOS, and because its all closed source we probably never will.
If Apple is using NTP at all, they probably hard code the time source to ONE their own servers rather then a pool or a hand full of servers. Microsoft does that same thing, if left to their own defaults.
Most opensource OSs default to a pool (which is really not that good of an idea) but allow multiple time sources, and the software will kick outliers off the island.
No, you are mistaken. I've always had this sig.
(Score: 5, Insightful) by isostatic on Sunday February 14 2016, @09:38PM
I control the router, I control your connection. DNS, NTP, I don't care what you think you're sending to your packet, no end to end encryption means it's mine. Your DNS set to 3.66.53.86? Nope, I'm changing that to my poisoned DNS server. Http to google? No, I'll be running that through a transparent webcache.
(Score: 5, Informative) by wonkey_monkey on Sunday February 14 2016, @06:48PM
Congratulations: you now have a shiny piece of high-tech hardware that's stuck at the boot screen, showing nothing more than the Apple logo... forever.
Only not forever, hence the headline's use of the somewhat ugly term "soft-brick":
The faulty date does get reset when the battery goes completely flat, however, so discharging the phone (or disconnecting the battery, if you're brave) fixes it.
systemd is Roko's Basilisk
(Score: 3, Insightful) by Tork on Sunday February 14 2016, @10:24PM
🏳️🌈 Proud Ally 🏳️🌈
(Score: 2) by darkfeline on Monday February 15 2016, @01:24AM
Hello, that's my headline. Is my use of "soft-brick" here wrong? It bricks your device, but it can be fixed trivially, hence soft brick. I guess you think that soft-brick only applies when you have to re-flash memory? I thought that too, but after some basic research I arrived at the definitions: hard = can only be fixed by changing out hardware, soft = not hard.
Join the SDF Public Access UNIX System today!
(Score: 2, Insightful) by pipedwho on Monday February 15 2016, @05:49AM
But, 'brick' implies the device is no longer any more useful than a brick. And the summary then goes on to say it stays on the boot screen forever.
That's kind of playing fast and loose with words. Brick no longer meaning brick, and forever not actually meaning forever.
It's like saying that someone was just soft murdered. They're only mostly dead, but they'll wake up if you bring on the smelling salts.
Miracle Max: It just so happens that your friend here is only MOSTLY dead. There's a big difference between mostly dead and all dead. Mostly dead is slightly alive. With all dead, well, with all dead there's usually only one thing you can do.
Inigo Montoya: What's that?
Miracle Max: Go through his clothes and look for loose change.
(Score: 3, Informative) by darkfeline on Monday February 15 2016, @10:07AM
Uh, soft-brick is a legitimate term, no matter if you take personal offense to it. Playing fast and loose with words is how natural language works. Next you'll tell me I'm using literally wrong, except in the dictionary there's literally an entry for using the word "literally" figuratively.
If it comes to pass that people start being soft-dead (perhaps due to some zombie virus), then yes, expect "soft-murdered" to enter the English vocabulary.
Join the SDF Public Access UNIX System today!
(Score: 2) by tangomargarine on Monday February 15 2016, @02:40PM
Next you'll tell me I'm using literally wrong, except in the dictionary there's literally an entry for using the word "literally" figuratively.
Yes. Descriptivism isn't the only approach, dude. Some of us still believe words, even when constantly misused, have a correct meaning.
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 5, Funny) by Nerdfest on Sunday February 14 2016, @08:52PM
showing nothing more than the Apple logo... forever.
So, from Apple's point of view, pretty much the perfect device.
(Score: 2) by Gravis on Sunday February 14 2016, @11:21PM
xkcd saw it coming. [xkcd.com]
(Score: 2) by TheRaven on Monday February 15 2016, @11:59AM
sudo mod me up
(Score: 2) by tangomargarine on Monday February 15 2016, @02:42PM
when given pre-1970 dates
laboriously set its date to January 1, 1970
Epoch fail indeed.
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 2) by q.kontinuum on Sunday February 14 2016, @11:30PM
70s theme for iPhone [twimg.com]
Use on own risk...
Registered IRC nick on chat.soylentnews.org: qkontinuum
(Score: -1, Redundant) by Anonymous Coward on Monday February 15 2016, @03:59AM
Since you need to have an arbitrary amount of Karma points to downmod, please mod parent troll!
(Score: 2) by q.kontinuum on Monday February 15 2016, @07:13AM
I posted the link in a forum explicitly warning of this bug. Anyone reaching my post knows the background. Care to elaborate how this is than still troll?
Registered IRC nick on chat.soylentnews.org: qkontinuum
(Score: 2) by Daiv on Monday February 15 2016, @04:01PM
If you want posts modded, sign in and mod. Otherwise, reply and bitch like every other AC.