Hopstretch

Sneaky teen IT conundrum.


So I've been using the new Screen Time feature in iOS12 to lock the kids' iPads and phones overnight to remove temptation and alleviate bedtime arguments. Was working well. Until I notice today that a couple of notable apps (Clash of Clans, Netflix) are no longer blocked on Alec's devices even when Screen Time is active. Hmm, that seems ... mysteriously convenient. 

I reset everything (including the master passcode) on his stuff and on my phone, which is the main controller. No change. So I then manually add these apps to the "Always Allowed" list, then manually delete them. No change. Try this with a couple of other apps and it works just as you'd expect -- add them and they become accessible, remove them and they are blocked again. Doesn't work with CoC or Netflix. I check to make sure that he's signed into them through his iCloud account (since that's how Screen Time works) and not some new profile, and he is.

Am now stumped. Can still frustrate the sneaky little fucker by manually setting a usage limit of 00:00 for each app each night at bedtime, but 1) that resets automatically at midnight and 2) I'd just love to know how he's pulled this off without knowing the passcode (quite sure of that) or leaving any trace.

Any ideas?


Via https://9to5mac.com/2018/09/26/screen-time-bypass-iphone-ipad/ and elsewhere

by googling "How to bypass screen time" and similar.

know thine enemy :)

The evil person in me would add redirecting DNS entries on a scheduled basis (so when they look up www.somehub.com it redirects them to an "I know you're looking" page) ...

looks like there is a market for such things already ....

https://www.asecurelife.com/best-parental-controls-for-wireless-networks/

possibly - no direct knowledge of - but looks like the right technical approach - esp if you tie it to the MAC (hardware ID) address of the given device(s) ...

https://www.safedns.com/en/parental-controls/

This could be a fun cat and mouse game, best played by denying all such knowledge of an approach, so they self-incriminate when certain things just stop working ;)

  • Like 2


Best off MAC locking, as you can't spoof that on a non-jailbroken iOS device any more. Most other approaches can be defeated, leading to a war of countermeasures, e.g.:

  • Ha ha! DNS blocking!
      - stops accepting DNS server config from DHCP, moves to 1.1.1.1 or 8.8.8.8.
  • Have at ye! Egress blocking on port 53 udp/tcp
      - moves to DNS-over-HTTP client

..and so on. Though maybe it could be fun. Spending all that time working out how to defeat it rather than playing games could even be educational 😁

(I mean, you could have an OpenBSD box running without IPs as an invisible bridge, with all the network's traffic flowing through it, and then progressively clamp down on things via PF, that'd be hilarious...)

Using an AP that lets you define hours of operation per-MAC or per SSID might be a good and painless start.

 

  • Like 2
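
An added example, not part of the thread: the escalation listed in the post above seen from the router side, as a scan of flow logs for devices that skip the DHCP-assigned resolver. The log format, the 192.168.1.1 resolver address, the MAC addresses and the function names are constructed assumptions.

```python
import ipaddress

# Assumptions for this sketch: the home router's resolver address and a short,
# hand-maintained list of public resolver IPs (the two named in the post).
LOCAL_RESOLVER = ipaddress.ip_address("192.168.1.1")
PUBLIC_RESOLVERS = {ipaddress.ip_address(a) for a in ("1.1.1.1", "8.8.8.8")}

# Constructed sample flow log: "HH:MM src_mac dst_ip proto dst_port"
SAMPLE_LOG = """\
21:58 aa:bb:cc:00:00:01 192.168.1.1 udp 53
22:05 aa:bb:cc:00:00:01 1.1.1.1 udp 53
22:06 aa:bb:cc:00:00:01 8.8.8.8 tcp 53
22:09 aa:bb:cc:00:00:01 1.1.1.1 tcp 443
22:10 aa:bb:cc:00:00:02 192.168.1.1 udp 53
22:11 aa:bb:cc:00:00:02 93.184.216.34 tcp 443
garbage line
"""

def classify(dst, proto, port):
    """Return a finding label for one flow, or None if it looks normal."""
    if port == 53 and proto in ("udp", "tcp") and dst != LOCAL_RESOLVER:
        return "direct-dns"      # client ignored the DHCP-supplied resolver
    if port == 853 and proto == "tcp":
        return "dns-over-tls"    # encrypted DNS on its dedicated port
    if port == 443 and dst in PUBLIC_RESOLVERS:
        return "possible-doh"    # HTTPS to a known public resolver IP
    return None

def scan(log_text):
    """Map each source MAC to the sorted list of bypass findings seen for it."""
    findings = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue              # skip malformed lines
        _time, mac, dst, proto, port = parts
        try:
            label = classify(ipaddress.ip_address(dst), proto.lower(), int(port))
        except ValueError:
            continue              # unparsable address or port
        if label:
            findings.setdefault(mac.lower(), set()).add(label)
    return {mac: sorted(labels) for mac, labels in findings.items()}

if __name__ == "__main__":
    for mac, labels in scan(SAMPLE_LOG).items():
        print(mac, ", ".join(labels))
```

The "possible-doh" label only catches resolvers on the hand-maintained list, so a resolver reached at any other address passes as ordinary HTTPS.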
