PDA

View Full Version : iOS 7 Allows Siri to Disable Find My iPhone via Airplane Mode in Security/Convenience Trade-Off




MacRumors
Sep 18, 2013, 04:16 PM
http://images.macrumors.com/im/macrumorsthreadlogo.gif (http://www.macrumors.com/2013/09/18/ios-7-security-flaw-allows-siri-to-disable-find-my-iphone/)


In iOS 7, Siri can change a number of settings (http://www.apple.com/ios/whats-new/#siri) on the iPhone, including toggling Bluetooth on and off or changing the screen brightness. As one MacRumors reader noticed, Siri can also activate Airplane Mode, even if a passcode lock is set, allowing a thief to effectively disable Find My iPhone (http://www.apple.com/icloud/find-my-iphone.html) on a stolen device.

http://images.macrumors.com/article-new/2013/09/airplanemode.jpg
However, Apple has added some extensive security features to deter phone theft in iOS 7, most notably the Activation Lock feature (http://www.macrumors.com/2013/07/18/government-officials-bring-in-security-experts-to-test-ios-7s-activation-lock-feature/) that prevents a lost or stolen iPhone from being activated without the Apple ID password used to erase the phone.

Activation Lock makes it so that even if a phone is stolen, Find My iPhone disabled, and then erased, the phone is still unable to be activated and used without the proper Apple ID.

San Francisco District Attorney came out in support of Activation Lock (http://www.macrumors.com/2013/07/23/san-francisco-district-attorney-impressed-by-ios-7s-activation-lock-feature/), saying that "clear improvements" had been made to deter criminals.

Update: Commenters have noted that users can also turn Airplane Mode on from the Control Center by swiping up from the lock screen. Lock screen Control Center access can be disabled from the Settings/Control Center panel. Find My iPhone can also be effectively disabled by turning the phone off.

Thanks Greg!

Article Link: iOS 7 Allows Siri to Disable Find My iPhone via Airplane Mode in Security/Convenience Trade-Off (http://www.macrumors.com/2013/09/18/ios-7-security-flaw-allows-siri-to-disable-find-my-iphone/)



OldSchoolMacGuy
Sep 18, 2013, 04:18 PM
I've already stolen 6 phones using this!

MOKHAN
Sep 18, 2013, 04:18 PM
It's so tempting to upgrade to iOS 7 right now! I know the little kinks will kill me though.
Ahh the dilemma!

TheKrs1
Sep 18, 2013, 04:18 PM
To be fair, this doesn't actually disable Find my Phone. It just interrupts the connectivity of the device. Which they could also do by powering off the phone, or putting in an area with no service?

peteullo
Sep 18, 2013, 04:19 PM
It's not a flaw, it's a reason to upgrade to the new iPhone 5s! ;)

sshhoott
Sep 18, 2013, 04:19 PM
What if this is a trick which makes the thief think Find my iPhone is off when it really is on.

Primus84
Sep 18, 2013, 04:20 PM
Control centre can do this too.

campingsk8er
Sep 18, 2013, 04:21 PM
Sometimes, I think its worse to announce things, such as this, allowing a thief to effectively do this. I'm not saying things don't fall through, but how is it that all of us developers( and even more non-developers) had iOS7 for 3 months now, and it hasn't come up until now?

SimonTheSoundMa
Sep 18, 2013, 04:21 PM
Just swipe up for control centre, switch on air-plane mode. I disabled it on the lock screen for this very reason.

TWSS37
Sep 18, 2013, 04:21 PM
Cutting off fingers is so much easier

killramos
Sep 18, 2013, 04:22 PM
This isn't a bug or even news worthy. You can also enable airplane mode by swiping up on the lock screen WITHOUT your pass code . It's a feature, not a bug lol...

I find it quite convenient...

wordoflife
Sep 18, 2013, 04:22 PM
So now what do you do when you have a phone that isn't connected to cellular or Wifi, and you don't know the password :confused:

But yeah they should fix that, I guess. At the same time, the same could be achieved by popping out the SIM.

TheKrs1
Sep 18, 2013, 04:22 PM
Cutting off fingers is so much easier

Apparently not, since it apparently only works on living tissue.

TWSS37
Sep 18, 2013, 04:23 PM
Apparently not, since it apparently only works on living tissue.

I didnt say what it was easier for

Solomani
Sep 18, 2013, 04:24 PM
Thief: Siri, enable Airplane Mode.

Siri: Yes, of course. As soon as I identify your valid fingerprint, Sir.

Thief: Damn you, Siri! Damn you!

Siri: (quietly reporting the location of thief to authorities and stolen iPhone registry)

TheKrs1
Sep 18, 2013, 04:24 PM
Sometimes, I think its worse to announce things, such as this, allowing a thief to effectively do this. I'm not saying things don't fall through, but how is it that all of us developers( and even more non-developers) had iOS7 for 3 months now, and it hasn't come up until now?

Because it isn't a flaw with Find My iPhone. It doesn't disable the app or the functionality. Someone is just jumping up and down because a theif can use siri to disable the phones radios, thereby hindering Find my iPhone from tracking the device. ... Which, the theif can just as easily do by turning the device off.

needfx
Sep 18, 2013, 04:24 PM
"I'm sorry Greg, I can't let you do that"

Superdrive
Sep 18, 2013, 04:24 PM
Control centre can do this too.

I had to frustratingly turn CC off on the lock screen for this reason. A pass code should be required for some tasks.

Edit: A code (if enabled) should be required to turn the phone off too.

joejoejoe
Sep 18, 2013, 04:25 PM
They should remove the functionality from Siri, but being that Airplane Mode is also controlled by control center, that won't really help the average user.

Apple should necessitate a passcode to turn on airplane mode and to turn off the phone. Will be easier for users to swallow once the fingerprint sensor becomes more ubiquitous but this is really the only way we can fully prevent thieves from disabling find my iphone quickly.

nikhsub1
Sep 18, 2013, 04:26 PM
Anyone who has siri enabled when the phone is locked is asking for trouble... if you DISABLE siri on the lockscreen, there is no issue whatsoever. However, as stated you can turn airplane mode on via control center anyway...

Rogifan
Sep 18, 2013, 04:26 PM
More nothing stories just to increase page views. If this is such a security flaw why is it just coming up now when devs have had iOS for months?

Gjwilly
Sep 18, 2013, 04:27 PM
This is a total non-story.
Is turning off the phone also a security flaw because that also disables Find My iPhone?
What's the thief going to do?
Keep it in Airplane mode forever and just get his jollies playing with your Angry Birds?
:rolleyes:

edgonzalez32
Sep 18, 2013, 04:28 PM
well thats not good.

SimonTheSoundMa
Sep 18, 2013, 04:29 PM
Edit: A code (if enabled) should be required to turn the phone off too.
This is one thing I really want!

mrbrown
Sep 18, 2013, 04:30 PM
This headline is totally misleading. It's one thing if you could tell Siri, "Disable Find my iPhone" while it was locked... it's something totally different if you can just enable Airplane Mode.

ominx
Sep 18, 2013, 04:31 PM
Wow. Security flaw? Really? I'm surprised MR would go there with this.

BREAKING: A thief can disable "Find My iPhone" by removing the SIM card or powering off an iPhone. Case designers planning response with shackled cases blocking access to SIM card tray and home button.

TheKrs1
Sep 18, 2013, 04:31 PM
Update: Commenters have noted that users can also turn Airplane Mode on from the Control Center by swiping up from the lock screen. Lock screen Control Center access can be disabled from the Settings/Control Center panel. Find My iPhone can also be effectively disabled by turning the phone off.


I'm not sure we have been saying that "Find my iPhone can be effecitvely disabeled". Yes, while the phone is in this mode Apple cannot track the phone. However, the feature is still enabled on the device. If the device comes back online at any time, Find my iPhone would work again.

seamer
Sep 18, 2013, 04:31 PM
I had to frustratingly turn CC off on the lock screen for this reason. A pass code should be required for some tasks.

Edit: A code (if enabled) should be required to turn the phone off too.

What about those times when your phone isn't responding properly and you have to do a hard reset on it? I'm not waiting for hours for my battery to die just so I can restart...

TheKrs1
Sep 18, 2013, 04:32 PM
Wow. Security flaw? Really? I'm surprised MR would go there with this.

BREAKING: A thief can disable "Find My iPhone" by removing the SIM card or powering off an iPhone. Case designers planning response with shackled cases blocking access to SIM card tray and home button.

Do the new cases also teather the device to the power grid, so the battery can never die either?

SimonTheSoundMa
Sep 18, 2013, 04:32 PM
It's ok, no need to panic.

http://i.imgur.com/R8gTbe5.png

furi0usbee
Sep 18, 2013, 04:35 PM
This is why Apple needs to test these devices in a way that a normal user won't use it. Most exploits are found trying to do something the app wasn't meant to do, or to be taken advantage of. I never trust a company to test/debug their own stuff, because they test it as it supposed to work. Hackers and people looking to break it test it as it's not supposed to work.

avanpelt
Sep 18, 2013, 04:35 PM
Unless I'm missing something, isn't Activation Lock active on the phone as long as Find My iPhone is turned on -- even if the phone is in Airplane Mode? I thought the whole idea behind Activation Lock was so that if a thief wipes the phone to try to sell it, they won't be able to get past having to enter the original user's Apple ID and password, right?

Or does the phone have to be pinged with the "You've been lost" message from Find My iPhone in order for Activation Lock to be engaged?

EDIT: Never mind. I needed to read further in the original story to get the answer to my question. It does seem that Activation Lock continues to stay intact even if Airplane mode is turned on and the phone is wiped. Not sure why this Airplane mode/Siri deal is even a story. Make sure Find My iPhone is enabled on your phone when you upgrade to iOS 7, folks.

taedouni
Sep 18, 2013, 04:36 PM
It's not a flaw. It's the way that it was designed to work. A thief cannot sell a functional iPhone with iOS 7. When they wipe the phone they will need the password to the previous owner's Apple ID .

RRmalvado
Sep 18, 2013, 04:36 PM
I love all the apologists who are always hyper-rational when an Apple device has a flaw.

TheKrs1
Sep 18, 2013, 04:39 PM
I love all the apologists who are always hyper-rational when an Apple device has a flaw.

There are a few flaws with iOS 7 that I will not "apologize" for. This however is functionality. People asked for siri to be able to activate system settings ... like Siri. Now that it is here, it's being sold as a security flaw... but in reality it doesn't DISABLE find my iPhone, like the story's headline claims.

spyguy10709
Sep 18, 2013, 04:39 PM
I love all the apologists who are always hyper-rational when an Apple device has a flaw.

It's not a flaw. You could just turn the device off so why bother with Siri?

c0LdFire
Sep 18, 2013, 04:39 PM
This is retarded and should be deleted before it stirs up incorrect rumors. This is like saying "iPhones have a critical security flaw: THE SIM CARD CAN BE REMOVED BY SOMEONE OTHER THEN THE OWNER!"

mikeorchard
Sep 18, 2013, 04:42 PM
Gotta get the ad revenue somehow on a busy day where every site and their dog are talking about iOS 7.

ominx
Sep 18, 2013, 04:43 PM
Do the new cases also teather the device to the power grid, so the battery can never die either?

That's planned for the second generation. Estimated release Q3 2014.

Trekkie
Sep 18, 2013, 04:44 PM
Wow. Nice horrible link bait headline there MacRumors. You guys usually do better than that.

I know 'Siri can be used to disable things while locked' is not near as cool a headline, but 'Disable find my iPhone?' nope. She goes 'Turn off what?' and won't touch it.

Airplane mode won't do it either, because of teh new changes (you do mention) but not nearly as bad as the headline makes it.

troop231
Sep 18, 2013, 04:48 PM
Apparently not, since it apparently only works on living tissue.

I believe tissue isn't dead the moment it is severed from the body.

RRmalvado
Sep 18, 2013, 04:53 PM
There are a few flaws with iOS 7 that I will not "apologize" for. This however is functionality. People asked for siri to be able to activate system settings ... like Siri. Now that it is here, it's being sold as a security flaw... but in reality it doesn't DISABLE find my iPhone, like the story's headline claims.

Ok, so would it be better if the story read "Siri can activate Airplane Mode, which in turn disables Find My iPhone?

It's not a flaw. You could just turn the device off so why bother with Siri?

Maybe Apple can implement an option, where if you have your Passcode enabled you need it to turn the phone off.

I know it's hard to find suitable solutions, but every so-called negative article about Apple does not have to come with an influx of people who want to defend Apple's EVERY move/slight.

Be objective, if it were up to you people MMS, Control Center, changing backgrounds, multitasking, etc. would not be in iOS.

danielowenuk
Sep 18, 2013, 04:54 PM
http://forums.macrumors.com/showthread.php?t=1638282

I asked about this earlier today, but then I the sense to acknowledge it was a silly question ;-)

tommyminahan
Sep 18, 2013, 04:54 PM
http://www.mememaker.net/static/images/memes/2322702.jpg

Locoboof
Sep 18, 2013, 04:57 PM
Edit: A code (if enabled) should be required to turn the phone off too.[/QUOTE]

Very very good idea

Bhatu
Sep 18, 2013, 04:58 PM
With new iOS7 Siri has gone a bit more intelligent.

Whats next?!

Siri becomes Dr. Evil and conquers the world! :p :p

https://lh5.googleusercontent.com/-YmWK-yA6umM/AAAAAAAAAAI/AAAAAAAAAP0/KrUotMphyF4/photo.jpg?sz=160

1Life
Sep 18, 2013, 05:02 PM
I've always found the Find My iPhone feature useful when I misplace my iPhone but I'm positive it is probably useless if it got stolen. A couple of family members got their phones stolen and were able to track the phone using this feature. The cops told them to open a police report and did nothing. The service provider (Sprint) said they couldn't do anything except disable the phone on their network. So unless you are willing to go into vigilante mode it is a useless feature for theft IMO.

baryon
Sep 18, 2013, 05:06 PM
With the 5S, surely it would be more practical to make it impossible to change anything without a fingerprint verification? It takes no more time than pressing the home button, which you have to press anyway to wake the device. Might as well not allow ANY action (Siri, Control Centre, power off, etc…) without a fingerprint.

Black Magic
Sep 18, 2013, 05:17 PM
Ok, so I disabled Control Center use on the Lock Screen and I disabled Siri use when the phone is locked. Problem solved.

bit density
Sep 18, 2013, 05:21 PM
A friend of mine had his phone and the rest off his stuff stolen when he went into to the pro-shop after his golf game. Local pro had him sign in with his appleID and he could see where the phone was going... 911 said, they actually had some free police resources, and they chased the guy through seattle, where he finally got out of the van and ran on foot. They recovered apparently thousands of dollars worth of stuff from the van, and the cops gave him his phone and stuff back, and they impounded the rest for evidence. It can work...

theheadguy
Sep 18, 2013, 05:22 PM
To be fair, this doesn't actually disable Find my Phone. It just interrupts the connectivity of the device. Which they could also do by powering off the phone, or putting in an area with no service?
I don't think the 'news' here is that a person is capable of turning off a phone. The news is that you can disable it while still having the phone on and connecting it to a computer or trying to hack into it in some way without the phone being able to broadcast it's location. Everyone knows you can turn the phone off.

nikhsub1
Sep 18, 2013, 05:25 PM
Ok, so would it be better if the story read "Siri can activate Airplane Mode, which in turn disables Find My iPhone?
No. First, you can turn airplane mode off via control center so the Siri aspect is moot. Especially when Siri can and should be disabled when the phone is locked. Second, turning airplane mode off does not turn find my iphone off. This is a non issue/story and someone should be fired.

evansls
Sep 18, 2013, 05:39 PM
Just give me the extra ability to "confirm" that I want to enable airplane mode or turn off my phone via siri/control center/lock screen by prompting me to enter a password or use Touch ID. I could see this function only appear should I have the security setting enabled. That should solve the "problem" right there.

thuchu1
Sep 18, 2013, 05:58 PM
"Security flaw" number two: Find my iPhone can be disabled by smashing the phone!

The point is that a stolen device is now useless to the the of, which this doesn't bypass by any means.

peteullo
Sep 18, 2013, 06:01 PM
What if this is a trick which makes the thief think Find my iPhone is off when it really is on.

That would actually be a not so bad idea! But I doubt that's what is happening here :-\

HiRez
Sep 18, 2013, 06:08 PM
To be fair, this doesn't actually disable Find my Phone. It just interrupts the connectivity of the device. Which they could also do by powering off the phone, or putting in an area with no service?

Along the same lines, you should have an option to require passcode/Touch ID to power off the phone (I mean shut down, not sleep). Then a phone could still be tracked even if stolen, at least until the battery runs out.

dannys1
Sep 18, 2013, 06:10 PM
They should remove the functionality from Siri, but being that Airplane Mode is also controlled by control center, that won't really help the average user.

Apple should necessitate a passcode to turn on airplane mode and to turn off the phone. Will be easier for users to swallow once the fingerprint sensor becomes more ubiquitous but this is really the only way we can fully prevent thieves from disabling find my iphone quickly.

Well, apart from they can just remove the sim card...

----------

Along the same lines, you should have an option to require passcode/Touch ID to power off the phone (I mean shut down, not sleep). Then a phone could still be tracked even if stolen, at least until the battery runs out.

Unless they remove the sim card...

ERIC273
Sep 18, 2013, 06:13 PM
This isn't a bug or even news worthy. You can also enable airplane mode by swiping up on the lock screen WITHOUT your pass code . It's a feature, not a bug lol...

I find it quite convenient...

You can also, get this, turn off the phone! ELITE HACKS!

JUiCEJamie
Sep 18, 2013, 06:14 PM
Wait a minute? Wasn't there something to do with Find My iPhone still working when Apple issued the iOS 7 beta in the Dev Portal?

rdlink
Sep 18, 2013, 06:15 PM
Edit: A code (if enabled) should be required to turn the phone off too.

Very very good idea[/QUOTE]

So does that mean your battery isn't allowed to run down if you don't have a code…?

Casiotone
Sep 18, 2013, 06:16 PM
I don't think the 'news' here is that a person is capable of turning off a phone. The news is that you can disable it while still having the phone on and connecting it to a computer or trying to hack into it in some way without the phone being able to broadcast it's location. Everyone knows you can turn the phone off.

You can remove the SIM card to achieve the same effect and still be able to keep the phone on, connect it to a computer and "try to hack into it", so your point is moot.

sclawis300
Sep 18, 2013, 06:20 PM
What about those times when your phone isn't responding properly and you have to do a hard reset on it? I'm not waiting for hours for my battery to die just so I can restart...

oh gosh...the phone should require a passcode before the battery is allowed to die. (i was thinking the exact same thing about the hard reset...great minds)

----------

It's not a flaw. It's the way that it was designed to work. A thief cannot sell a functional iPhone with iOS 7. When they wipe the phone they will need the password to the previous owner's Apple ID .

the best they can get is an iphone constantly in airplane mode and hope that they like your taste in music and games.

Edit: I guess they could connect to the internet with wifi too.

Casiotone
Sep 18, 2013, 06:28 PM
oh gosh...the phone should require a passcode before the battery is allowed to die. (i was thinking the exact same thing about the hard reset...great minds)

----------



the best they can get is an iphone constantly in airplane mode and hope that they like your taste in music and games.

Edit: I guess they could connect to the internet with wifi too.

Connecting to WiFi would broadcast the iPhone location to Find my iPhone servers, it doesn't require a cellular connection to work.

FlatlinerG
Sep 18, 2013, 06:28 PM
Misleading title is misleading.

In other news, breathing causes cancer! (insert an article here about cigarette smoke)

Dagless
Sep 18, 2013, 06:29 PM
Fix imminent no doubt.

campingsk8er
Sep 18, 2013, 06:33 PM
Because it isn't a flaw with Find My iPhone. It doesn't disable the app or the functionality. Someone is just jumping up and down because a theif can use siri to disable the phones radios, thereby hindering Find my iPhone from tracking the device. ... Which, the theif can just as easily do by turning the device off.

I didn't say it was a flaw, I'm just wondering why one of us never realised it.

thebiggmann
Sep 18, 2013, 07:04 PM
Maybe I'm missing something but I just deleted Find My iPhone from my ipad and you can't locate it. Find my iPhone isn't a perfect solution, especially if you don't use a password. Apple should require Apple ID verification to delete the app or do anything disabling its functionality.

reboot81
Sep 18, 2013, 07:07 PM
Misleading headline.

HowEver
Sep 18, 2013, 07:34 PM
You can't disable Activation Lock without signing into iCloud.

You also can't disable PreyProject without its own password, so that's worth adding too.

denco101
Sep 18, 2013, 07:37 PM
That would actually be a not so bad idea! But I doubt that's what is happening here :-\

OSX "guest" mode, anyone?

Chemeddy
Sep 18, 2013, 07:53 PM
Maybe I'm missing something but I just deleted Find My iPhone from my ipad and you can't locate it. Find my iPhone isn't a perfect solution, especially if you don't use a password. Apple should require Apple ID verification to delete the app or do anything disabling its functionality.

Find My iPhone functionality is dependent on your settings under iCloud. Nothing to do with the app. The app allows you to track iDevices, which you can do so anyway from any other iDevice with the app, or via iCloud.com.

cashxx
Sep 18, 2013, 07:57 PM
I believe you can turn off Control Center and Siri at the lock screen!!

Control Center:
Settings -> Control Center -> Access on Lock Screen

Siri:
Settings -> General -> Passcode Lock -> Siri (ALLOW ACCESS WHEN LOCKED)
- Enable passcode and switch Siri Off

donutbagel
Sep 18, 2013, 08:05 PM
Sometimes, I think its worse to announce things, such as this, allowing a thief to effectively do this. I'm not saying things don't fall through, but how is it that all of us developers( and even more non-developers) had iOS7 for 3 months now, and it hasn't come up until now?

You could also just turn the iPhone off, which is much more obvious.

----------

I believe you can turn off Control Center and Siri at the lock screen!!

Control Center:
Settings -> Control Center -> Access on Lock Screen

Siri:
Settings -> General -> Passcode Lock -> Siri (ALLOW ACCESS WHEN LOCKED)
- Enable passcode and switch Siri Off

Yeah, which has always been useful since you can send messages with Siri and troll in other ways like deleting alarms. Siri on the lock screen is a sacrifice of security for a lot of convenience.

xplora
Sep 18, 2013, 08:08 PM
Find my iOS device prior to iOS 7:

When set could be turned off, or the account deleted with no login required, so wiping the device was an easy way around it, passcode only stopped thieves from getting into the phone, and restrictions could stop the service from being turned off and the account from being removed, but if the device could still be wiped.

After iOS 7:

To turn off, to remove the account, to wipe the device, or in the event the device is wiped, to re-activate the device, all require logging into the iCloud account the device had the Find my iOS device service enabled for.

What remains unaffected:

Anything that disables the devices ability to call home, such as removing the sim card, turning off the phone, airplane mode, turning off wifi, turning off mobile data, placing the device into a metal box, taking the device out of range of wifi or cellular (where possible) services, and most importantly, turning the device off.

Through Siri and/or Control Center, some of the above has been made easier to access, so long as Siri and/or Control Center have been enabled on the lock screen.

But in the end the average thief with even half a brain will probably just turn the device off until they can get the device wiped. With iOS 7, if the find my device service is enabled, even if the thief manages to wipe the device, they will still need the AppleID to log into when attempting to re-activate the device. And as long as they can not get around that, all they end up with is a brick.

Long story short, this story has been blown way out of proportion.

sclawis300
Sep 18, 2013, 08:31 PM
Connecting to WiFi would broadcast the iPhone location to Find my iPhone servers, it doesn't require a cellular connection to work.

so then they get a device that they can never update, download anything new, or get on the internet. Sounds like stealing it would be a big waste of time.

terraphantm
Sep 18, 2013, 08:34 PM
I believe tissue isn't dead the moment it is severed from the body.

There won't be a pulse though. And the temperature would drop off pretty quickly

spazzcat
Sep 18, 2013, 08:37 PM
I had to frustratingly turn CC off on the lock screen for this reason. A pass code should be required for some tasks.

Edit: A code (if enabled) should be required to turn the phone off too.

Should a code be required for the battery to die too? Your not going to stop someone if they want to steal your phone...

cclloyd
Sep 18, 2013, 08:44 PM
I hope that the new version of iCaughtU Pro still allows for disabling airplay mode when locked.

----------

More nothing stories just to increase page views. If this is such a security flaw why is it just coming up now when devs have had iOS for months?

We really REALLY... didn't care.

JAT
Sep 18, 2013, 08:59 PM
Another major security flaw:
If a thief kills you and steals your phone, it will be some time before anyone notices/cares about the phone. Apple should hire people to follow all their customers around just in case.

:rolleyes::rolleyes:

AppleScruff1
Sep 18, 2013, 09:00 PM
I've already stolen 6 phones using this!

I'll buy one from you. Cheap. :D

Anonymous Freak
Sep 18, 2013, 09:26 PM
For best security, disable the ability to do *ANYTHING* when locked.

To do this, go in to Settings, and go to:
Notification Center -> disable both options in "Access On Lock Screen" at top.
Control Center -> disable "Access on Lock Screen"
General -> Passcode Lock -> disable every item under "Allow Access when Locked".

For better security, turn off "Simple Passcode". This will disable the four-digit PIN-style passcode, and allow you to use an arbitrary-length passcode consisting of any character you can type on the on-screen keyboard. And make sure you have it set to lock immediately.

theBB
Sep 18, 2013, 09:50 PM
Apple should necessitate a passcode to turn on airplane mode and to turn off the phone. Will be easier for users to swallow once the fingerprint sensor becomes more ubiquitous but this is really the only way we can fully prevent thieves from disabling find my iphone quickly.
It would not fully prevent anything. You can just wrap a phone in aluminum foil to disable its cellular connection. Passcode to enter airplane mode or turn off the phone would not really improve security. It would just be annoying.

charlituna
Sep 18, 2013, 10:10 PM
Just swipe up for control centre, switch on air-plane mode. I disabled it on the lock screen for this very reason.

while i think it is a bit of FUD to call this a security flaw (since you can power off the phone to the same effect) I do agree with the general idea that perhaps Apple should tweak things so if you turn off Control Center from the lock screen said functions are also turned off for Siri.

osaga
Sep 18, 2013, 10:10 PM
Slightly off topic, but you know what reeeaaaaally bothers me about spotlight search? If you search for something you typed in an old text message, like from say a year ago, spotlight search will find it, but when you click on the search result, it delivers you to the latest text in your conversation, not the message you searched for. You have to flip through "load previous messages" for an hour to get to actually it, and that's assuming you don't miss it. Why hasn't that been fixed?

charlituna
Sep 18, 2013, 10:17 PM
With new iOS7 Siri has gone a bit more intelligent.

Whats next?!

Siri becomes Dr. Evil and conquers the world! :p :p


Why not, she's already Skynet

----------

Connecting to WiFi would broadcast the iPhone location to Find my iPhone servers, it doesn't require a cellular connection to work.

but if you take it to an area where it hasn't ever connected to the wifi it won't be broadcasting. and it's very likely that any decent thief will do just that. or even better to an area with no wifi.

theheadguy
Sep 18, 2013, 11:54 PM
You can remove the SIM card to achieve the same effect and still be able to keep the phone on, connect it to a computer and "try to hack into it", so your point is moot.
You're clueless of my point as you just furthered it.

joejoejoe
Sep 19, 2013, 02:50 AM
It would not fully prevent anything. You can just wrap a phone in aluminum foil to disable its cellular connection. Passcode to enter airplane mode or turn off the phone would not really improve security. It would just be annoying.

I haven't really seen iPhone thieves carry around aluminum foil.

May be annoying but implementing touch id would solve that.

I didn't say it would fully prevent thieves from disabling internet access, but would prevent. Them from doing so quickly.

Yesterday, a kid stole my friends phone on the bus, grabbed it out of her hand and ran off. She tried findmyiphone soon after and the kid had turned the phone off, eliminating her ability to find it. If there was a pass code necessary to turn off the device or switch on airplane mode, don't you think it would have bought her more time before the phone went offline?

It's not a full proof method, as there doesn't really seem to be a full proof solution out there, but would certainly give a little more cushion towards having time to locate your phone. The way it is now, ppl can shut off the phone or airplane mode it immediately after theft, making findmyiphone kind of useless when it comes to finding a stolen device.

peejack
Sep 19, 2013, 03:13 AM
This website is getting ridiculous and petty.

Gymgenius
Sep 19, 2013, 03:37 AM
Steve would never have allowed this :rolleyes:

jb2017
Sep 19, 2013, 06:41 AM
I don't think this was brought up on previous posts. But if a thief wants to steal your iphone and turn on Airplane mode via Siri on the lockscreen, he still can't do anything with the phone. iOS 7 added a new feature that when the thief goes to restore your iPhone (even if in Airplane mode), he needs to have your 4 digit pin to turn off Find My iPhone for him to restore the iPhone and make it his own. In the end, the thief gets nothing except for a phone that is locked.

So this story should be taken off because it's just the most ridiculous story that will be used to make something that is not.

rikscha
Sep 19, 2013, 06:54 AM
Ok, so I disabled Control Center use on the Lock Screen and I disabled Siri use when the phone is locked. Problem solved.

And also remove the power button, that makes it ultra safe. oh and do you have some glue at hand? Because you know, your SIM card..

kdarling
Sep 19, 2013, 07:25 AM
Cutting off fingers is so much easier

:)

Apparently not, since it apparently only works on living tissue.

Did Apple ever claim that themselves?

I believe tissue isn't dead the moment it is severed from the body.

RF sensors will normally work with a severed finger for about 15 minutes.

After that, infusing the finger with various liquids could make it work as well.

There won't be a pulse though. And the temperature would drop off pretty quickly

AuthenTec's patents and papers indicate that they don't trust checking temperature or pulse, because when a finger is cold, neither parameter is reliable. Plus both can be spoofed, especially temperature.

Instead, they have patents on using other electrical tests, such as checking the inductive value of the object. Unknown if those are in place here.

My question is: why bother cutting off a finger, when... if you have that much access and control to a person... you could just use their finger to unlock it, and then keep it awake while you play around. Or give them a choice of losing a finger or giving you the passcode. It's not like there's any real purchase power with it yet.

Iambrentboi
Sep 19, 2013, 07:36 AM
Siri will allow you to compose a message and dial any number even when your phone is locked. In addition, Siri can give out personal info about the owner's iPhone (provided that those info are saved in the owner's contact entry).

Nimrad
Sep 19, 2013, 07:47 AM
Thief: Siri, enable Airplane Mode.

Siri: Yes, of course. As soon as I identify your valid fingerprint, Sir.

Thief: Damn you, Siri! Damn you!

Siri: (quietly reporting the location of thief to authorities and stolen iPhone registry)

Thief just turns off the phone.

TheKrs1
Sep 19, 2013, 09:33 AM
Ok, so would it be better if the story read "Siri can activate Airplane Mode, which in turn disables Find My iPhone?

Maybe Apple can implement an option, where if you have your Passcode enabled you need it to turn the phone off.

I know it's hard to find suitable solutions, but every so-called negative article about Apple does not have to come with an influx of people who want to defend Apple's EVERY move/slight.

Be objective, if it were up to you people MMS, Control Center, changing backgrounds, multitasking, etc. would not be in iOS.

I think it would be better if the story read "Siri can activiate Airplane Mode, which in turn hinders the functionality of Find My iPhone". Why? There are two reasons.
1. Find my iPhone is not disabled, the settings are all still in place and it is still working. It just doesn't have any radios to communicate.
2. Now that Activation Lock is a feature of Find my iPhone, this headline makes it sound like theives can get around it by turning on airplan mode... which is incorrect.

As I said elsewhere, I do have some gripes with Apple and iOS 7. I'm just stating that this negative article deserves some transparency and fact checking.

theBB
Sep 19, 2013, 10:00 AM
Yesterday, a kid stole my friends phone on the bus, grabbed it out of her hand and ran off. She tried findmyiphone soon after and the kid had turned the phone off, eliminating her ability to find it. If there was a pass code necessary to turn off the device or switch on airplane mode, don't you think it would have bought her more time before the phone went offline?

Bought her more time for what? To gather a posse and bust him at his crib?

I don't think it matters whether it takes 30 seconds or 10 minutes to disable the location updates in the grand scheme of things. As I've said before, there are cheap non-software methods to disconnect a phone from the outside world, so that phone will most likely be offline pretty soon one way or another. The cops do not have much time and resources to track down an actively updating phone beyond a few cases here and there anyways. The idea is to make them all unusable and unsellable, so that thieves learn not to bother stealing iPhones.

JAT
Sep 19, 2013, 10:06 AM
My question is: why bother cutting off a finger, when... if you have that much access and control to a person... you could just use their finger to unlock it, and then keep it awake while you play around. Or give them a choice of losing a finger or giving you the passcode. It's not like there's any real purchase power with it yet.
Yeah, really. Thief can just knock someone out long enough to use the fingerprint and finish whatever they want to do with the phone.

thenicewilly
Sep 19, 2013, 10:13 AM
Hello, "Losing your MacBook feels lousy. Thankfully, Find My MacBook can help you get it back. But if it looks like that’s not going to happen, new security features in OS X Mavericks make it harder for anyone who’s not you to use or sell your device. Now turning off Find My MacBook or erasing your device requires your Apple ID and password. Find My MacBook can also continue to display a custom message, even after your device is erased. And your Apple ID and password are required before anyone can reactivate it. Which means your MacBook is still your MacBook. No matter where it is." Yes all of this will seem unreal and futuristic! I do not think so. There are many programs allowing you to find your stolen treasure: iCloud and Find my Mac or a very good program UndercoverHq. How would you locate your Mac if someone has removed the original hard disk or SSD from it and in just 15 minutes has replaced the internal memory? Without a software or a program to track down your Mac, the thief is safe and you could not have your Mac back and arrest the thief!!!! Why does not Apple provide with its OSX Mavericks the same protection system you have with the iPhone, namely after a complete hard recovery, you must enter the Apple ID and owner password to activate the stolen MacBook? This option would not only be essential but it would represent an added value for not buying a PC! I look forward to read everyone's reaction to my proposal ... Thank you very much!

roadbloc
Sep 19, 2013, 10:24 AM
I don't think this is a security flaw.

Casiotone
Sep 19, 2013, 11:44 AM
You're clueless of my point as you just furthered it.

Yeah just call me clueless instead of trying to explain your point.

spazzcat
Sep 19, 2013, 12:42 PM
I don't think this is a security flaw.

This story really should be removed...

tiguk
Sep 19, 2013, 12:45 PM
In no way is this a security flaw.

It's a design decision, that can be removed in preferences as has already been suggested. For convenience, it's great btw.

But a thief already has the option of switching any phone off, or removing the SIM from the phone. So in what way is this an added risk?

It is a very misleading headline and article and I'm surprised that MacRumors haven't taken it down by now.

morespce54
Sep 19, 2013, 12:49 PM
I don't think this was brought up on previous posts. But if a thief wants to steal your iphone and turn on Airplane mode via Siri on the lockscreen, he still can't do anything with the phone. iOS 7 added a new feature that when the thief goes to restore your iPhone (even if in Airplane mode), he needs to have your 4 digit pin to turn off Find My iPhone for him to restore the iPhone and make it his own. In the end, the thief gets nothing except for a phone that is locked.

So this story should be taken off because it's just the most ridiculous story that will be used to make something that is not.

Actually, he needs your Apple ID *and* your Apple ID password to turn off Find my Phone (not your 4 digits pin - this will only let him use the phone but won't let him turn off Find My Phone... unless he's got your Apple credentials too). And, as mentioned earlier, he also need those to wipe/restore/set your phone too.

iSee
Sep 19, 2013, 01:43 PM
...for Macrumors calling this a security flaw.

Wouldn't the savvy thief already know to turn the device off to evade find my phone? Couldn't the thief then pop the sim?

The fundemental issue here is that Find My iPhone is not a security feature. I never thought until now someone mistake it for one.

Suppose a thief can't turn off network access and can't turn off the phone and has no tin foil to wrap the phone in and doesn't have a car they can simply drive away in to a convenient dead zone and doesn't have a sim eject tool to pop the SIM card with... Suppose such a sad sack thief steals your phone and you use find my iPhone to track him down to confront him? And he puts a gun in your face? Is that good security? Hey maybe you live in Mayberry and can get the police to do it but that still takes time... So again the thief has many ways to beat find my iPhone. Probably your battery dies before then too.

This thread should probably be removed because some people might assume MR is reporting with some credibility or authority and assume it's any actual problem. (And replaced with a mea culpa.)

jb2017
Sep 19, 2013, 02:10 PM
Actually, he needs your Apple ID *and* your Apple ID password to turn off Find my Phone (not your 4 digits pin - this will only let him use the phone but won't let him turn off Find My Phone... unless he's got your Apple credentials too). And, as mentioned earlier, he also need those to wipe/restore/set your phone too.

When I upgraded my beta 7 to the GM version a few days ago, I was restoring my phone via iTunes and when I clicked restore, iTunes told me I cannot proceed until I turn off Find My iPhone. So if the iPhone is locked and stolen, he won't even be able to restore it without having the pin to get into your phone. That is all I was saying. Yes, if he found out your pin, he would still need your Apple ID and password to turn off Find my iPhone

mnhcky911
Sep 19, 2013, 02:37 PM
Not only can you swipe up to see the control panel but you can swipe down also and have access to events, calendar, call log, text messages and the notification center. This is a big problem if anyone can access that information from the lock screen. Defeats the purpose of having a password or lock screen. :eek:

jb2017
Sep 19, 2013, 02:43 PM
Not only can you swipe up to see the control panel but you can swipe down also and have access to events, calendar, call log, text messages and the notification center. This is a big problem if anyone can access that information from the lock screen. Defeats the purpose of having a password or lock screen. :eek:

That is a quick fix just like the Control Center. Just goto your Notification Center settings and uncheck "Notification View" & "Today View" under Access on the Lock Screen.

I don't understand why everyone is blowing this up when you can customize it how you want it.

C DM
Sep 19, 2013, 03:21 PM
Not only can you swipe up to see the control panel but you can swipe down also and have access to events, calendar, call log, text messages and the notification center. This is a big problem if anyone can access that information from the lock screen. Defeats the purpose of having a password or lock screen. :eek:It's an option that you can easily disable. Already not a flaw just because of that.

Also, it only displays notifications there that you already allow to be displayed on the lock screen, not any other ones (not some call log or all of your text messages or something like that).

SoCalMike
Sep 19, 2013, 04:14 PM
So yet again somone finds a work around for the convenicne of controlling your phone while it's locked. Lock the mother up. Period. If you want the convenience center, unlock the phone. I have data I don't want accessed so I lock it up. No, you can not use Siri in lock mode. No, you can not turn on a flashlight in lock mode. No, you can not look at all my photo's because you figured out some nifty way to bypass it, when it was for convenince anyway. If I want a flashlight I'll unlock my damn phone. Apparently is is rocket science. :D

skier777
Sep 19, 2013, 06:04 PM
Edit: A code (if enabled) should be required to turn the phone off too.

I hope you are being sarcastic.

If any part of your phone freezes, you can always reset it by holding down the power button. It is so on almost every electronic device.
You will change your tune when the screen locks up and youre trying to capture a birthday or map your way somewhere. Now you have to wait until the device dies.

This is a technology that will never exist.

ssdeg7
Sep 19, 2013, 07:48 PM
To be fair, this doesn't actually disable Find my Phone. It just interrupts the connectivity of the device. Which they could also do by powering off the phone, or putting in an area with no service?

Or taking the battery off the device :rolleyes:

k1121j
Sep 20, 2013, 06:54 AM
does this activation lock prevent you from selling your phone to someone on ebay????? how will they setup the phone with out your apple ID???

Gjwilly
Sep 20, 2013, 09:13 AM
does this activation lock prevent you from selling your phone to someone on ebay????? how will they setup the phone with out your apple ID???

No.
Every time you restore or reset your phone (which you would normally do before selling it) it prompts you to turn off the feature.

Ries
Sep 20, 2013, 11:15 AM
Apparently not, since it apparently only works on living tissue.

A finger is not dead right after you cut it off. It can live 12 hours in room temperature and 24 hours on ice.

morespce54
Sep 20, 2013, 11:28 AM
When I upgraded my beta 7 to the GM version a few days ago, I was restoring my phone via iTunes and when I clicked restore, iTunes told me I cannot proceed until I turn off Find My iPhone. So if the iPhone is locked and stolen, he won't even be able to restore it without having the pin to get into your phone. That is all I was saying. Yes, if he found out your pin, he would still need your Apple ID and password to turn off Find my iPhone

Good to know!
So, he needs both your PIN and your Apple ID/password to wipe/restore/set-up your iOS7 iPhone. Glad to hear it.

Nevaborn
Sep 22, 2013, 06:09 AM
Heres an idea just make it impossible to turn off find my iPhone.

Always have it on even if phone is turned off it effectively just turns the phone into a very low powered beacon, allowing you to track, lock, alert and wipe.

I love the idea of having to verify Airplane, data and turning off. Will be so much easier with fingerprint scanner in 5s/6 but till then putting in a passcode isnt that taxing.

cjmillsnun
Sep 22, 2013, 06:56 AM
To be fair, this doesn't actually disable Find my Phone. It just interrupts the connectivity of the device. Which they could also do by powering off the phone, or putting in an area with no service?

Restore the phone in iTunes and find my phone is completely disabled. By engaging flight mode before any remote wipe, you disable the remote wipe possibly allowing the phone to be activated after restoring in iTunes without entering the iCloud password...

sbailey4
Sep 23, 2013, 08:35 AM
Restore the phone in iTunes and find my phone is completely disabled. By engaging flight mode before any remote wipe, you disable the remote wipe possibly allowing the phone to be activated after restoring in iTunes without entering the iCloud password...

Incorrect information there chief. You cannot activate or erase without the AppleID. Restore will be of no help. Neither will DFU restore.

cjmillsnun
Sep 23, 2013, 09:13 AM
Incorrect information there chief. You cannot activate or erase without the AppleID. Restore will be of no help. Neither will DFU restore.

Isn't that only if the phone was remote wiped?

EDIT: Just looked above and you're correct. No security flaw then. Phone is useless if stolen.