iPhones default to syncing against cellular, not NTP. But if someone set it to use time.apple.com then you could use DNS poisoning and send an evil response from a malicious time.apple.com (assuming the user turned on NTP and didn’t change it to their preferred NTP pool/server). Not sure if the iOS ntp client would ignore a sync that far off from the default (the Mac OS X client would), gently sync, or hop.
3 Likes