Yes I know, but given that of the three bytes reserved for Apple, a specific device type like 4s, 4, 5, or alike, happens to have a subset of the fourth bytes combination, the space is reduced to a bit more than 16 bit, making the brute force attack absolutely feasible.

p.s. I've verified that other 4s have a different (but numerical very "near") fourth byte. It seems in the range 20-24 or alike.