My fairly new 8th gen iPad died suddenly (will not power on) and I am sending it in for repair. Apple says I should restore factory settings first. Cannot do this due to death of device. Do I need to be worried about security of my personal info if I send it in as is? I saw an old post saying no, that passcodes are secure, but I'd like a little more input if possible.
iPad (8th generation)
To clarify, brute force attempts to cycle through potential passcodes isn’t possible for two principal reasons…
1. The number of attempts to enter the correct passcode is strictly limited (10) before the device is automatically disabled. When disabled, the encryption keys required to decrypt your locally stored data are permanently erased from the protected device - rendering recovery by anyone (including Apple) impossible.
2. Each failed attempt to enter the correct Passcode increases a delay before you can try again. This rapidly scales from minutes to hours.
Taken together, these two security measures make guessing the correct Passcode statistically very unlikely - and inhibit systematic determination of the correct Passcode.
To clarify, brute force attempts to cycle through potential passcodes isn’t possible for two principal reasons…
1. The number of attempts to enter the correct passcode is strictly limited (10) before the device is automatically disabled. When disabled, the encryption keys required to decrypt your locally stored data are permanently erased from the protected device - rendering recovery by anyone (including Apple) impossible.
2. Each failed attempt to enter the correct Passcode increases a delay before you can try again. This rapidly scales from minutes to hours.
Taken together, these two security measures make guessing the correct Passcode statistically very unlikely - and inhibit systematic determination of the correct Passcode.
Nobody can gain access to your iPad without successfully entering the correct device Passcode - and for this, there are a limited number of tries before the iPad will automatically become disabled. As such a brute-force attempt to access a working iPad, by guessing the correct passcode, is highly unlikely to be successful. Only if your device Passcode is known to whoever finds your iPad will any locally stored data be at risk of discovery.
iOS/iPadOS is architecturally designed to protect the owners data.
All locally stored data is encrypted; by design, the only copy of the encryption keys necessary to access local data are held within the Secure Enclave - the device security chip. The device Passcode unlocks the Secure Enclave, which in turn releases the encryption keys to the Operating System while the device remains unlocked.
If an incorrect Passcode is repeatedly entered, the Secure Enclave automatically wiped and the device disabled - an operation that erases all stored encryption keys. This is known as a crypto-erase. Once erased, all locally stored data is permanently beyond reach and cannot be recovered.
If the iPad is dead, there is no opportunity to access the passcode or decrypt data; your data is safe.
You can set up iCloud to erase it remotely, should it be connected to a network again:
Erase a device in Find Devices on iCloud.com - Apple Support
And, just to be sure, consider changing your Apple Account password:
Change your Apple Account password - Apple Support
Thank you. That sounds reassuring. I just wonder about robotic/AI attempts to break passcodes -- from what little I've heard, they spin thru combinations endlessly until they get to the right one without the repetition you mention. 6 digits doesn't seem like that many for AI, does it? Then again, if it weren't, I suppose we'd have heard about many Apple breaches, and I at least haven't.
Thank you! This sounds good. I was a bit taken aback by the guy on Apple Support chat who said no worries, just send it back.
You're welcome 🙂
Data security on dead iPad sent for repair?
