Weaponizing Computer Security Measures

Local archive of CNN Toddler iPad story – https://brian.carnell.com/wp-content/uploads/2019/04/cnn-toddler-ipad/

The story of the toddler who locked his dad’s iPad for almost 50 years is an amusing example of how security measures can occasionally be weaponized against valid users.

A few years ago, there was a plan where I work to place lockouts on employee accounts to critical systems. So, for example, if I had access to a critical system and entered the wrong password four or five times in a row, the system would lock down my account and I’d have to contact someone to get my account unlocked again.

I pointed out that this meant that a rogue actor with limited information–such as knowing the account names used by some of our employees (which would be only moderately difficult to obtain)–could launch a crude denial-of-service-style attack by spamming critical accounts on, say, a Friday night ahead of a mission-critical weekend event.
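To make the design trade-off concrete, here is an added toy model (not code from the original post or from any real system mentioned in it) of two lockout policies: the "lock after N failures until someone unlocks it" scheme described above, and a self-expiring variant whose lock duration doubles on each repeat and is capped. The user name, thresholds, durations and the simulated clock are all constructed for illustration.

```python
"""
Added example: compare a hard lockout (admin must clear it) with a self-expiring,
exponentially growing lockout. Both lock after `threshold` consecutive failures;
only the second one bounds how long a burst of junk passwords keeps the real
owner out. Everything here (user names, thresholds, clock values) is constructed.
"""
from dataclasses import dataclass, field


@dataclass
class HardLockout:
    """Lock indefinitely after `threshold` consecutive failures; only an admin clears it."""
    threshold: int = 5
    failures: dict = field(default_factory=dict)
    locked: set = field(default_factory=set)

    def attempt(self, user: str, password_ok: bool, now: float) -> str:
        if user in self.locked:
            return "locked"
        if password_ok:
            self.failures[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.threshold:
            self.locked.add(user)  # stays locked until a human intervenes
            return "locked"
        return "denied"


@dataclass
class ExpiringLockout:
    """Lock for base * 2**(k-1) seconds on the k-th lockout, capped at `max_seconds`.

    The lock clears itself, and a successful login resets the escalation counter,
    so an attacker who only knows the account name can delay the owner, not
    remove them until an admin is reachable.
    """
    threshold: int = 5
    base_seconds: float = 60.0
    max_seconds: float = 3600.0
    failures: dict = field(default_factory=dict)
    lock_count: dict = field(default_factory=dict)
    locked_until: dict = field(default_factory=dict)

    def lock_duration(self, k: int) -> float:
        """Duration of the k-th consecutive lockout (k >= 1), in seconds."""
        return min(self.base_seconds * 2 ** (k - 1), self.max_seconds)

    def attempt(self, user: str, password_ok: bool, now: float) -> str:
        if now < self.locked_until.get(user, 0.0):
            return "locked"  # attempts during a lock neither count nor extend it
        if password_ok:
            self.failures[user] = 0
            self.lock_count[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.threshold:
            self.failures[user] = 0
            k = self.lock_count.get(user, 0) + 1
            self.lock_count[user] = k
            self.locked_until[user] = now + self.lock_duration(k)
            return "locked"
        return "denied"


def simulate(policy, user: str = "alice", junk_attempts: int = 20,
             wait_seconds: float = 7200.0) -> str:
    """Someone sends `junk_attempts` wrong passwords one second apart starting at t=0;
    the real owner then logs in correctly after `wait_seconds`. Returns the owner's result."""
    for i in range(junk_attempts):
        policy.attempt(user, password_ok=False, now=float(i))
    return policy.attempt(user, password_ok=True, now=wait_seconds)


if __name__ == "__main__":
    print("hard lockout, owner two hours later:", simulate(HardLockout()))
    print("expiring lockout, owner two hours later:", simulate(ExpiringLockout()))
```

With the hard policy the owner is still locked out two hours later and stays that way until someone is found to clear it, which is exactly the Friday-night scenario above. With the expiring policy the same burst costs the owner at most one capped lock interval, and repeated bursts escalate only up to the cap. A per-source rate limit on login attempts is the usual complement to either policy, since it throttles the spamming itself rather than punishing the account being targeted.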

Similarly, thanks to this report I now know I could shut my coworker out of her iOS device for a very long time simply by surreptitiously obtaining her device, entering the wrong password repeatedly, and then returning the device.

A lot of the “it is the idiot user’s fault” takes on this and other iPad events focused on the failure of Apple users to back their devices up to iCloud, as if iCloud hasn’t been hit with a series of security holes and outright breaches over the past few years.
