
Sneaky teen IT conundrum.



So I've been using the new Screen Time feature in iOS12 to lock the kids' iPads and phones overnight to remove temptation and alleviate bedtime arguments. Was working well. Until I notice today that a couple of notable apps (Clash of Clans, Netflix) are no longer blocked on Alec's devices even when Screen Time is active. Hmm, that seems ... mysteriously convenient. 

I reset everything (including the master passcode) on his stuff and on my phone, which is the main controller. No change. So I then manually add these apps to the "Always Allowed" list, then manually delete them. No change. Try this with a couple of other apps and it works just as you'd expect -- add them and they become accessible, remove them and they are blocked again. Doesn't work with CoC or Netflix. I check to make sure that he's signed into them through his iCloud account (since that's how Screen Time works) and not some new profile, and he is.

Am now stumped. Can still frustrate the sneaky little fucker by manually setting a usage limit of 00:00 for each app each night at bedtime, but 1) that resets automatically at midnight and 2) I'd just love to know how he's pulled this off without knowing the passcode (quite sure of that) or leaving any trace.

Any ideas?


Via https://9to5mac.com/2018/09/26/screen-time-bypass-iphone-ipad/ and elsewhere, by googling "How to bypass screen time" and similar.

know thine enemy :)

The evil person in me would add redirecting DNS entries on a scheduled basis (so when they look up www.somehub.com it redirects them to an "I know you're looking" page) ...

looks like there is a market for such things already ....

https://www.asecurelife.com/best-parental-controls-for-wireless-networks/

possibly - no direct knowledge of - but looks like the right technical approach - esp if you tie it to the MAC (hardware ID) address of the given device(s) ...

https://www.safedns.com/en/parental-controls/

This could be a fun cat and mouse game, best played by denying all such knowledge of an approach, so they self-incriminate when certain things just stop working ;) 


Best off MAC locking, as you can't spoof that on a non-jailbroken iOS device any more. Most other approaches can be defeated, leading to a war of countermeasures, e.g.:

  • Ha ha! DNS blocking!
  • - stops accepting DNS server config from DHCP, moves to 1.1.1.1 or 8.8.8.8.
  • Have at ye! Egress blocking on port 53 udp/tcp
  • - moves to DNS-over-HTTP client

...and so on. Though maybe it could be fun. Spending all that time working out how to defeat it rather than playing games could even be educational?

(I mean, you could have an OpenBSD box running without IPs as an invisible bridge, with all the network's traffic flowing through it, and then progressively clamp down on things via PF, that'd be hilarious...)

Using an AP that lets you define hours of operation per-MAC or per SSID might be a good and painless start.

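The countermeasure escalation described in the post above, seen from the network side, as an added example that is not part of the thread: a small Python check that reads router flow records and reports, per MAC address, which devices have stopped using the DHCP-supplied resolver or are sending HTTPS to a public resolver address. The log layout, the LAN resolver address and the sample MACs are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumptions (not from the thread): the LAN resolver address and the log
# layout "HH:MM src_mac dst_ip proto dport action".
LOCAL_RESOLVER = "192.168.1.1"
PUBLIC_RESOLVERS = {"1.1.1.1", "8.8.8.8"}  # the two resolvers named in the post

# Constructed sample flow log; the MAC addresses are made up.
SAMPLE_LOG = """\
21:58 aa:bb:cc:00:00:01 192.168.1.1 udp 53 allow
22:03 aa:bb:cc:00:00:02 192.168.1.1 udp 53 allow
22:05 aa:bb:cc:00:00:02 1.1.1.1 udp 53 block
22:06 aa:bb:cc:00:00:02 8.8.8.8 tcp 53 block
22:09 aa:bb:cc:00:00:02 1.1.1.1 tcp 443 allow
22:10 aa:bb:cc:00:00:03 93.184.216.34 tcp 443 allow
garbage line
"""

def classify(line):
    """Return (mac, finding) for one flow record, or None if unremarkable."""
    parts = line.split()
    if len(parts) != 6 or not parts[4].isdigit():
        return None  # skip malformed records
    _, mac, dst, proto, dport, action = parts
    port = int(dport)
    if port == 53 and dst != LOCAL_RESOLVER:
        # The client ignored the resolver handed out by DHCP.
        return mac, "direct-dns-" + action
    if port == 443 and proto == "tcp" and dst in PUBLIC_RESOLVERS:
        # HTTPS to a resolver IP: a heuristic hint of DNS carried over HTTP(S).
        return mac, "possible-doh-" + action
    return None

def findings_by_device(log_text):
    """Group distinct findings by source MAC, in order of first appearance."""
    out = defaultdict(list)
    for line in log_text.splitlines():
        hit = classify(line)
        if hit and hit[1] not in out[hit[0]]:
            out[hit[0]].append(hit[1])
    return dict(out)

if __name__ == "__main__":
    for mac, found in findings_by_device(SAMPLE_LOG).items():
        print(mac, found)
```

A device showing `direct-dns-block` followed by `possible-doh-allow` has moved past the port 53 egress block, which is the point where per-MAC hours of operation on the AP become the simpler control.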
