> Theoretically, attackers can send malicious NTP requests to adjust every iPhone's time settings to January 1, 1970
Just to be clear, this (typically) isn't possible. NTPD refuses to adjust the clock if the time difference is too large. (I don't recall what the default threshold is, but IIRC it's less than 24 hours, certainly less than 46 years.)
This is important for TLS - if an attacker could significantly roll back your system clock, they could trick your browser into accepting an expired certificate. Compromised certificates would be a problem forever, rather than just until they expired.
What if you crafted a program that mimicked the functionality of an ntp server, and but it had a built in memory of what times have been given out to network clients? Couldn't you in theory send a series of NTP answers that quickly stepped back the clock of the target system, with the stepback value being whatever the maximum value the ntp client will handle? Answer one subtracts the time by 24 hours, the next by another 24 hours, the next by 24 hours? Is there a limit to how frequently the time can be stepped back?
Just to be clear, this (typically) isn't possible. NTPD refuses to adjust the clock if the time difference is too large. (I don't recall what the default threshold is, but IIRC it's less than 24 hours, certainly less than 46 years.)
This is important for TLS - if an attacker could significantly roll back your system clock, they could trick your browser into accepting an expired certificate. Compromised certificates would be a problem forever, rather than just until they expired.