Stolen Device Protection to thwart iPhone thieves with passcodes with time delay
If a thief can steal an iPhone and passcode, they can lock the user out of their Apple ID and wreak havoc within seconds, but Apple's Stolen Device Protection feature coming in iOS 17.3 will stop that from happening.
A February report revealed that iPhone users were being targeted by thieves that would use sneaky tactics to learn a device passcode, then steal the device. As the thief gets away, they can use the passcode to change the Apple ID password, kick the user out of signed-in devices, and have complete control of the account within seconds.
Apple will solve this issue in a future iOS update by adding an optional security delay before critical information can be altered. The feature is called Stolen Device Protection and will activate when the device is outside of trusted locations like home or work.
With Stolen Device Protection active, users won't be able to change critical portions of their Apple ID or device settings without waiting an hour and authenticating with biometrics twice. Theoretically, a theft victim would notice their device has gone missing within the hour window, allowing them to set the iPhone to Lost Mode and stop device access or account changes.
Since users won't be able to rely on the passcode fallback option, biometrics will be required for various actions with Stolen Device Protection enabled.
Biometrics are required when:
- Using passwords or passkeys saved in Apple Passwords
- Applying for a new Apple Card
- Viewing the Apple Card virtual card
- Turning off Lost Mode
- Erasing all content and settings
- Taking certain Apple Cash and Savings actions in Wallet
- Using payment methods saved in Safari
- Using your iPhone to set up a new device
The above actions will prompt the user for biometrics like Face ID or Touch ID to continue. A thief will likely not be able to fake biometric authentication.
Certain operations will still fall back to a passcode, like when authenticating Apple Pay. In that instance, users will be able to use their bank's fraud protection to get funds back if a thief makes an unauthorized transaction.
The security delay will appear when attempting to change critical settings like the Apple ID password. If the thief tries to access the following settings, they must authenticate with biometrics, agree to a one-hour delay, then authenticate with biometrics again after the hour to complete the action.
Security delay occurs when:
- Changing your Apple ID password
- Updating Apple ID account security settings, like removing a trusted device, trusted phone number, Recovery Key, or Recovery Contact
- Changing your iPhone passcode
- Adding or removing Face ID or Touch ID
- Turning off Find My
- Turning off Stolen Device Protection
Trusted locations learned by the system, like home or work, remove the security delay. Because the delay applies even with biometrics present, waiting an hour every time one of the above settings needs to be altered would be inconvenient; trusted locations alleviate that.
Stolen Device Protection should give victims enough time to discover their device is missing, log into their Apple ID, and then activate Lost Mode. Once the device is in Lost Mode, the thief can no longer access the device, alter settings, or do anything without biometrics.
Thanks to that one-hour delay, if thieves somehow steal a device, unlock it with a known passcode, navigate to the Settings page to initiate a change, then trick the victim into verifying biometrics for that first scan, the thief would still need to wait another hour to complete the change. It is incredibly unlikely that the thief will stick around or have access to the victim twice in that hour, eliminating the ability for things like Apple ID passwords to be changed by thieves altogether.
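The delay policy described above can be modeled as a small state machine. This is an added illustration, not Apple's code or API: the class, action labels, and return values are hypothetical, and treating Lost Mode as denying every listed change is a simplifying assumption.

```python
from dataclasses import dataclass, field

DELAY_SECONDS = 3600  # the one-hour security delay described in the article

# Actions the article lists as subject to the delay (labels are hypothetical).
DELAYED_ACTIONS = {
    "change_apple_id_password", "update_account_security", "change_passcode",
    "modify_biometrics", "disable_find_my", "disable_stolen_device_protection",
}

@dataclass
class DeviceModel:
    """Toy model of the policy; not Apple's implementation."""
    trusted_location: bool = False
    lost_mode: bool = False
    pending: dict = field(default_factory=dict)  # action -> time the delay began

    def request(self, action, auth, now):
        """Return 'allowed', 'delay_started', 'wait' or 'denied'."""
        if action not in DELAYED_ACTIONS:
            raise ValueError(f"not a delayed action: {action}")
        if self.lost_mode:
            self.pending.clear()          # assumption: Lost Mode drops pending changes
            return "denied"
        if auth != "biometric":           # no passcode fallback for these actions
            return "denied"
        if self.trusted_location:         # home or work: the delay is waived
            return "allowed"
        started = self.pending.get(action)
        if started is None:               # first biometric check starts the clock
            self.pending[action] = now
            return "delay_started"
        if now - started < DELAY_SECONDS:
            return "wait"
        del self.pending[action]          # second biometric check after the hour
        return "allowed"

def theft_scenario():
    """Thief knows the passcode and obtains one biometric scan at t=0 (constructed)."""
    phone = DeviceModel(trusted_location=False)
    log = [phone.request("change_apple_id_password", "passcode", 0),
           phone.request("change_apple_id_password", "biometric", 0),
           phone.request("change_apple_id_password", "biometric", 1800)]
    phone.lost_mode = True                # victim enables Lost Mode within the hour
    log.append(phone.request("change_apple_id_password", "biometric", 3700))
    return log

if __name__ == "__main__":
    print(theft_scenario())
```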
An Apple representative explained that Stolen Device Protection is available in beta as a toggle in Face ID & Passcode settings. A later iOS release, likely the full release of iOS 17.3, will present the feature to users during onboarding.
Comments
This appears to be an opt-in measure, so if you feel it's unnecessary, then you can skip it.
Not sure what Google's 2FA has to do with it.
Also, if you've been victimized several times, it would seem you would welcome the measure.
Also älso, Apple has introduced a number of security features over the years that make stealing their portable devices less likely to be profitable for the thief, so it seems they've already buttered their bread on the side of profiting from selling devices specifically made to be less likely to be stolen, rather than profiting from volume sales of devices that are frequently stolen.
1) Password protect Settings and let me make it a different passcode or PIN than my device login.
2) Password protect network settings, even in Control Panel, and let me make it a different passcode or PIN than my device login. They allow you the option to password protect network changes in macOS.
3) Back in the Touch ID days, allow for a "poison finger" that would lock the device thereby requiring the passcode or PIN if the wrong finger was used. Not possible with Face ID but it is nice that you can hold down the Side and a Volume button to call the screen to turn off the device or make an emergency call, which then disables Face ID until the passcode or PIN has been entered.
4) Your idea to prevent the device from turning off when you're not in a trusted area without being properly authenticated. I'd like it to simply allow a restart because issues with an OS can occur. Thieves could also use a Faraday bag and then take it to a location with a Faraday cage, but that kind of effort takes some startup capital and more planning, so it would work as a deterrent.
PS: I recommend to not use a PIN. Use a complex passcode. You have those long-press characters on the iOS and Mac keyboards, too, which means you can make a simple 4-character passcode that has over 3 billion possible combinations by using one of those characters. It also makes it a lot more difficult for someone to see what you're typing in over a regular keyboard or a number pad.
Doesn't Screen Time passcode work?
Or do we need more?
Why the specificity of "American" people? Ah... I see.
I'm not familiar with using ScreenTime's security features. Does it allow you to set a _different_ passcode from your device passcode? Is that to what you are referring?
I think this Stolen Device Protection is another good step forward, as it considers location proximity into the equation. Our Smartphones are getting smarter.
If they send an email out that someone attempted to reset important information and allow the user to block the change, it's possible they can block it from an Apple Watch.
They can perhaps require confirmation of changes from a second Apple device. It's unlikely that thieves will get more than one device.
Usually the trusted device is the phone that was stolen. Two factor authentication isn't required on an already trusted device.
What thieves have been doing is looking over people's shoulders for PIN codes or passwords, then stealing the phone. Once they can unlock the phone, they can change the Apple ID and add their own biometrics. Then they can access banking apps and drain their accounts; some people have lost their life savings. They can also lock people out of their other Apple devices (Macs/iPads at home), which makes it harder to track them with Find My (which they can also disable).
Device lock should be prevented from a device that has had its Apple ID changed in suspicious circumstances.
I'd like to be able to lock banking apps inside a vault in addition to this.
It's not just for thieves but device repairs. The repair people ask for device passcodes to replace batteries as they need to check it works. Some people have stolen private photos from people this way.
The more protection on these devices the better.
https://lifehacker.com/how-screen-time-can-save-you-when-your-iphone-is-stolen-1850368491
https://www.macworld.com/article/1920786/how-screen-time-can-keep-your-iphone-and-icloud-accounts-safe-from-thieves.html
I also set my screen off after 30 seconds and use FaceTime as much as possible, especially in crowded places, trains, etc. Also, don't drink and iPhone, and don't let strangers use your phone.
You must be aware of your surroundings.
I and my family did this, especially when traveling. It's a simple thing to do.
I only use my financial apps with Face ID and VPN, and alone, never in a crowd.