SIGforum.com    Main Page  Hop To Forum Categories  The Lounge    A new security feature for the iPhone- Stolen Device Protection
Page 1 2 
Go
New
Find
Notify
Tools
Reply
  
A new security feature for the iPhone- Stolen Device Protection Login/Join 
Peace through
superior firepower
Picture of parabellum
posted
Apple makes security changes to protect users from iPhone thefts

Apple is addressing a security vulnerability that has allowed iPhone thieves to take over customers’ accounts, access saved passwords, steal money and lock people out of their digital memories.

A new iOS setting called Stolen Device Protection is designed to defend against these attacks. It is rolling out to beta testers starting Tuesday.

The Wall Street Journal reported on a nationwide spate of thefts where criminals used the iPhone passcode to break into victims’ accounts and upend their lives. Thieves in New York, Chicago, New Orleans, Minneapolis and other cities watch iPhone owners tap in their passcodes before stealing the targets’ devices.

The Journal’s reporting outlined for the first time how these thefts resulted in losses far beyond phones, and how Apple’s security settings gave victims few ways of preventing harm once their passcodes fell into the wrong hands. We have heard from hundreds of people over the past year whose iPhones and digital lives were stolen.

Apple is planning to include Stolen Device Protection in a coming software update. Still, users must turn the new setting on, and it won’t cover all threats to your personal and financial information on an iPhone. Here’s why you would want it, and what to consider even if you turn it on.
How it works

Your passcode, that short string of numbers that grants access to an iPhone, has powerful reach. With this number, typically four or six digits, thieves can access a lot of your data and make sweeping changes to your accounts. And when Face ID or Touch ID fails, the passcode serves as a fallback.

If you enable the new Stolen Device Protection, your iPhone will restrict certain settings when you are away from a location familiar to the iPhone, such as your home or work. Here’s the rundown:


Apple ID password change

• If you do nothing: A thief can use the passcode to change your Apple account password and lock you out. This move is the key to thieves turning off Find My and wiping phones for resale. Since you, the iPhone’s owner, don’t have the changed Apple ID password, you can’t immediately locate your iPhone or remotely wipe its data.

• With Stolen Device Protection: If you want to change an Apple ID password when away from a familiar location, the device will require your Face ID or Touch ID. It will then implement an hour-long delay before you can perform the action. After that hour has passed, you will have to reconfirm with another Face ID or Touch ID scan. Only then can the password be changed.


Update Apple security settings

• If you do nothing: A thief can use the passcode to enable what is called a recovery key. Apple designed the setting to protect users from online hackers. But if a thief adds a recovery key, you can’t reset your Apple ID password with your phone number or email. That means losing access to all your photos, files and whatever is saved in iCloud—possibly forever.

• With Stolen Device Protection: As with changing the Apple ID password, enabling or changing the recovery key or trusted phone number will require two biometric scans an hour apart. (Needless to say, thieves couldn’t use the passcode to immediately turn off Stolen Device Protection itself—that, too, will require the same biometric scans and security delay.)


Accessing passwords in Keychain

• If you do nothing: When you use Apple’s iCloud Keychain as a password manager to store passwords for your bank, cash and crypto apps, a thief could use the iPhone passcode to unlock the Keychain and access them all. We have heard from plenty of people who said thieves transferred tens of thousands of dollars from their accounts.

• With Stolen Device Protection: The device requires your Face ID or Touch ID to access those passwords. The passcode will no longer serve as a backup for failed biometrics.
What can still be stolen

A thief with your iPhone and its passcode can still unlock your phone, even when Stolen Device Protection is on. Any app that isn’t protected by an additional password or PIN is vulnerable. So are accounts that can be reset by text or email. And Apple Pay still works with a passcode if Face ID or Touch ID fails. That’s why we suggest the following:

Don’t give your passcode to strangers. Hide it in public, and always try to use Face ID or Touch ID.

Create a hard-to-guess alphanumeric passcode. A string of letters and numbers is much harder for a thief to snoop than a six-digit code. Go to Settings > Face ID & Passcode > Change Passcode > Passcode Options > Custom Alphanumeric Code.

Add PINs to cash and crypto apps. Add protection to Venmo and Cash App by enabling an additional PIN or biometrics. You can also set up a separate passcode to protect Coinbase or Robinhood in security settings.

Act quick to remotely wipe your device. If we have learned anything from our reporting, it’s that the toll of a stolen phone can be much more than just the cost of the device. So if a thief does get hold of your iPhone, act quickly. Memorize this simple web address: icloud.com/find. You can use it on any device or web browser to log in and remotely erase the data on your missing or stolen device. (You should always back up your phone to iCloud.)

When Apple releases Stolen Device Protection, it plans to prompt users to turn it on. You will find the setting under Face ID & Passcode.
 
Posts: 110098 | Registered: January 20, 2000Reply With QuoteReport This Post
Member
Picture of Prefontaine
posted Hide Post
Interesting. More and more I use the cellular watch full time. The phone stays locked up in the vehicle (need it for carplay/music) and many times I leave it at home. But this new security feature sounds good to me for the phone. Many people go off on Apple but out of all these tech companies they do try to protect their buyers. Even telling the Feds to fuck themselves. Looking forward to this…



What am I doing? I'm talking to an empty telephone
 
Posts: 13144 | Location: Down South | Registered: January 16, 2010Reply With QuoteReport This Post
Just Hanging Around
posted Hide Post
More security sounds good to me.
 
Posts: 3292 | Location: NE Kansas | Registered: February 24, 2007Reply With QuoteReport This Post
Savor the limelight
posted Hide Post
At a swim meet, my son was asleep between events and one of his teammates used my son's sleeping face to unlock my son's phone and change my son's lockscreen picture to one of my son sleeping at the meet.

I laughed at first, then I thought about the security issues.

More security is good.
 
Posts: 12018 | Location: SWFL | Registered: October 10, 2007Reply With QuoteReport This Post
Baroque Bloke
Picture of Pipe Smoker
posted Hide Post
quote:
Originally posted by trapper189:
At a swim meet, my son was asleep between events and one of his teammates used my son's sleeping face to unlock my son's phone and change my son's lockscreen picture to one of my son sleeping at the meet.

I laughed at first, then I thought about the security issues.

Hm… My iPhone doesn’t recognize my face if my eyes are closed.



Serious about crackers
 
Posts: 9701 | Location: San Diego | Registered: July 26, 2014Reply With QuoteReport This Post
Savor the limelight
posted Hide Post
They must have gotten him to open his eyes for a second.
 
Posts: 12018 | Location: SWFL | Registered: October 10, 2007Reply With QuoteReport This Post
Thank you
Very little
Picture of HRK
posted Hide Post
Sounds like a good step in the right direction, now they just need to create a setting where you login, find the phone and enable a reverse shock from the charging ring that equals a stun gun... then explodes with purple dye like banks use for robberies

It needs a setting where you can instruct the phone to erase all data, and it plays the line from Mission Impossible " This device will self distruct in 5, 4, 3, 2, 1" then sends out smoke and explodes.
 
Posts: 24668 | Location: Gunshine State | Registered: November 07, 2008Reply With QuoteReport This Post
Nullus Anxietas
Picture of ensigmatic
posted Hide Post
quote:
Originally posted by trapper189:
They must have gotten him to open his eyes for a second.
Or he wears sun glasses and turned off "Require attention for Face ID." See: How to get Face ID to work when wearing sunglasses



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
 
Posts: 26034 | Location: S.E. Michigan | Registered: January 06, 2008Reply With QuoteReport This Post
Legalize the Constitution
Picture of TMats
posted Hide Post
Thanks, para. Good information to have.


_______________________________________________________
despite them
 
Posts: 13762 | Location: Wyoming | Registered: January 10, 2008Reply With QuoteReport This Post
Baroque Bloke
Picture of Pipe Smoker
posted Hide Post
quote:
Originally posted by ensigmatic:
quote:
Originally posted by trapper189:
They must have gotten him to open his eyes for a second.
Or he wears sun glasses and turned off "Require attention for Face ID." See: How to get Face ID to work when wearing sunglasses

A dangerous option for obvious reasons.



Serious about crackers
 
Posts: 9701 | Location: San Diego | Registered: July 26, 2014Reply With QuoteReport This Post
Member
Picture of cparktd
posted Hide Post
IIRC.
Turning off "Requires Attention for Face ID" reduces the chance of someone else's face unlocking your phone from 1 in a million to 1 in 500k.

That by itself would be irrelevant to me...



Collecting dust.
 
Posts: 4219 | Location: Middle Tennessee | Registered: February 07, 2013Reply With QuoteReport This Post
Baroque Bloke
Picture of Pipe Smoker
posted Hide Post
quote:
Originally posted by cparktd:
IIRC.
Turning off "Requires Attention for Face ID" reduces the chance of someone else's face unlocking your phone from 1 in a million to 1 in 500k.

That by itself would be irrelevant to me...

Perp knocks you unconscious. Perp holds iPhone up to your face to unlock it, then takes your iPhone and changes its 6-digit passcode.



Serious about crackers
 
Posts: 9701 | Location: San Diego | Registered: July 26, 2014Reply With QuoteReport This Post
Just Hanging Around
posted Hide Post
You’d have the same problem with a fingerprint.
 
Posts: 3292 | Location: NE Kansas | Registered: February 24, 2007Reply With QuoteReport This Post
Peace through
superior firepower
Picture of parabellum
posted Hide Post
quote:
Originally posted by Pipe Smoker:
Perp knocks you unconscious. Perp holds iPhone up to your face to unlock it, then takes your iPhone and changes its 6-digit passcode.
For Heaven's sake. Cut it out. Roll Eyes
 
Posts: 110098 | Registered: January 20, 2000Reply With QuoteReport This Post
I swear I had
something for this
posted Hide Post
quote:
Originally posted by Pipe Smoker:
Perp knocks you unconscious. Perp holds iPhone up to your face to unlock it, then takes your iPhone and changes its 6-digit passcode.


Won't work unconscious. FaceID requires both eyes open and looking forward to unlock.
 
Posts: 4612 | Location: Kansas City, MO | Registered: May 28, 2004Reply With QuoteReport This Post
Nullus Anxietas
Picture of ensigmatic
posted Hide Post
quote:
Originally posted by DanH:
quote:
Originally posted by Pipe Smoker:
Perp knocks you unconscious. Perp holds iPhone up to your face to unlock it, then takes your iPhone and changes its 6-digit passcode.
Won't work unconscious. FaceID requires both eyes open and looking forward to unlock.
Unless, as I noted seven posts back, they've disabled "Require attention for Face ID."



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
 
Posts: 26034 | Location: S.E. Michigan | Registered: January 06, 2008Reply With QuoteReport This Post
Member
Picture of Pyker
posted Hide Post
How to stop someone from changing your iPhone passcode or gaining access to your icloud account if your phone or passcode is stolen or phished:



 
Posts: 2763 | Location: Lake Country, Minnesota | Registered: September 06, 2019Reply With QuoteReport This Post
Member
Picture of konata88
posted Hide Post
So it seems like my phone supports this now. Disabled by default.

Has anybody been using this? Recommended or not?




"Wrong does not cease to be wrong because the majority share in it." L.Tolstoy
"A government is just a body of people, usually, notably, ungoverned." Shepherd Book
 
Posts: 13224 | Location: In the gilded cage | Registered: December 09, 2007Reply With QuoteReport This Post
Seeker of Clarity
Picture of r0gue
posted Hide Post
This is a horrifying thought. Losing physical possession and authentication/authorization access to your phone would be catastrophic.

Make sure you've amped up your pin-code, and never let a stranger touch your phone. Think of it like a wallet with your life savings in it and treat in accordingly. This includes when you go for tech support somewhere.

The new protections can't come soon enough. I don't do banking on phone apps, but one's primary email is really a "keys to the kingdom" breach if you think about it. So much can be controlled and reset through there.


It would be smart to think of everything you have auth'ed to your phone, and have a list, for you to reset quickly if lost. Starting with primary email.





 
Posts: 11474 | Registered: August 02, 2004Reply With QuoteReport This Post
Down the Rabbit Hole
Picture of Jupiter
posted Hide Post
New iPhones don't have the touch pad and I don't use faceID for anything and keep the front facing camera covered at all times, I will not be using this feature. Apple is making it harder and harder for users to cover front facing cameras and still have the phone usable.

This will be the next step at some point.

World's First Under-Display Camera Smartphone is HERE

https://www.youtube.com/watch?v=Y5Dbcw7QWRo


Diligentia, Vis, Celeritas

"People sleep peaceably in their beds at night only because rough men stand ready to do violence on their behalf."
-- George Orwell

 
Posts: 4968 | Location: North Mississippi | Registered: August 09, 2002Reply With QuoteReport This Post
  Powered by Social Strata Page 1 2  
 

SIGforum.com    Main Page  Hop To Forum Categories  The Lounge    A new security feature for the iPhone- Stolen Device Protection

© SIGforum 2024