I mean, what do you want them to say? Apple gives EVERYONE tools to prevent exactly what's happening. It's not Apple's problem to solve. People need to stop using codes. The amount of people still using 4/6 digit codes in this day and age is alarming.
Wrong, they don't give you the ability to get back your iCloud account and the data in it.
 
In Brazil thieves don't even need the passcode to invade the iPhone. They have realized that Apple defaults the Apple ID recovery contact to the number of the SIM card, so it's just a matter of putting the SIM in another phone, entering the wrong password a few times on the iPhone, then triggering a password reset. The other phone will receive the SMS with the recovery link and they can change your Apple ID password and have access to all your data.

If you have the passcode, just go into settings and see what the Apple ID is..

The poster said the thieves don’t need the passcode though, so how do the thieves get the Apple ID?
 
So first WSJ publishes an article suggesting it's too easy to change your account security/Apple ID password and Apple should make it harder. Now they publish an article suggesting it's too difficult to change your account security/Apple ID password and Apple should make it easier. So Apple is damned if they do, damned if they don't, and people continue to refuse to recognize their responsibility for their own security and data.

No reason to be angry at the WSJ. This is a legitimate risk, however rare it may be. If in reading these things you think differently about how and where to enter your passcode, then you are better off for it. I for one am more cautious because of it. This is all complicated, but awareness is a key factor in reducing the risk.
 
All one has to do is turn on Screen Time > Content & Privacy Restrictions > Passcode Changes > Don't Allow. Be sure to use a different passcode for Screen Time.

Oh, and Account Changes (Don't Allow). Thanks for that tip @ypl.


Oddly, when I enabled the don’t allow Account Changes, it restricted my access to Carrot Weather (and removed the app from my Apple Watch). I filed a bug report with Carrot. I do love Carrot (and the complication on my watch), so this creates a bind for me with this solution.
 
I’d love a way to be able to lock my phone with my Apple Watch. For instance someone grabs my unlocked phone out of my hands, I could simply swipe into control centre on my watch, press a button and have the screen lock on my phone.
 
The poster said the thieves don’t need the passcode though, so how do the thieves get the Apple ID?
Watch someone key in their passcode. Or hold them at gunpoint...

The poster you were talking about said they can get past it with the SIM, but I don't have a physical SIM, so that's not a problem for me. Someone could see me key in my passcode, no matter how complicated it is. Think of it like a single factor auth in a 2 factor world.
 
That's just boilerplate -- they don't actually say they are actively working out a way to fix this vulnerability.
Not giving specific information about this vulnerability is certainly different than not thinking it needs a solution.

WSJ first reported on this issue over two months ago. This type of crime has been increasing and Apple has known about this issue for much longer.
Sure. I'm not sure of your point here.
 
Does anyone prefer the unlock pattern like they have on Android smartphones?


This all came about when thieves were spying on the iPhone passcode and then stealing the iPhone.

The thieves could just as easily spy on you inputting your unlock pattern.

So not much difference there.

The best advice: cover your screen when inputting passcode or unlock pattern in public.
 
The extreme mitigation would be to just get a 2nd phone for when you go out socializing. While your main iPhone is for daily driver use where you're only going to work, out to lunch. Where the risk is smaller from a rando out looking to score a theft in a bar, club, etc. Someone mentioned most of these are acquaintances. In that case you need to find a better class of "friends". lol.
 
That doesn't help when they watch you key in your passcode, and no, we won't agree because you think nobody can ever see you key in your passcode -- I'm a bit more of a realist.

If anyone sees me type my sentence of a password, good luck. I also don't openly type my password in public places. :)
 
New technologies always open new avenues to crime. Look at the proliferation of credit card fraud following the widespread use of debit/credit cards, especially at gas stations and restaurants where card skimmers were being used to great effect. As technology caught up, the crime shifted elsewhere. Right now the big thing is fishing checks out of USPS drop boxes to either "wash" the checks or get the ACH information from them.

Crimes like these are old as time, and will always exist. All people can do is MINIMIZE their exposure by being security conscious and cognizant of the fact that nowadays your phone is more central to everything in your life than any device in human history. Access to it should be treated with the care and diligence due to such a powerful object.

As soon as Apple, or any other company comes along with the "solution" to this problem, someone will find a new way to defraud people and the game starts again.

Remember.

Locks are for honest people (meaning, any lock can be opened by a brazen and/or skilled criminal).
Safes buy you one thing. Time. Time for someone to respond and stop the theft.

You can minimize your exposure to theft and fraud, but preventing it is almost impossible, and will happen. This is why I tell people that despite having the best security measures in place, you need to INSURE, INSURE, INSURE. Anything you are NOT willing to take a total loss on must be insured with the lowest deductible you can afford. Restitution is rarely recuperated from "natural" people. This includes identity theft insurance.

A reason you may need "Identity Theft" insurance

 
It would be nice to have per-app PINs, so things like Apple Pay could have a PIN for its use but not expose your device PIN.
Also, maybe some sort of validated identity for those that need or want it, so they could go to an Apple Store / partner and present ID, and have some sort of process to get their account back.
 
Point is that it appears Apple is in no hurry to fix it. They can easily put in place a quick temporary solution until they implement the best long term solution.
Or... they are in a hurry but it takes time. As far as your assumption that an easy, quick temporary solution exists, I'll just point out that you have no idea what factors they have to consider.
 
If anyone sees me type my sentence of a password, good luck.
Not that hard.

I also don't openly type my password in public places.
You're talking passcode, not password, aren't you -- that would make it so someone couldn't use this exploit, but if it's just your iCloud password, it can be gotten around if they watch you key in your passcode.
 
Or... they are in a hurry but it takes time. As far as your assumption that an easy, quick temporary solution exists, I'll just point out that you have no idea what factors they have to consider.
LOL...please! Quick solution, add a customer option to Apple ID changes, where an Apple ID PW change requires the old password or a 24 hour wait period if you don't know the old password. Just like they give the customer other options to add additional security. But silly me, I guess Apple isn't big enough to have the resources to quickly respond to security issues.
 
The only solution is to not use a phone as the center of your digital existence. No one will do that, though. But if you used a flip phone no one would really care all that much. And if you keep your phone for simpler things like photos and basic call/email/etc. then your risk profile is reduced, but then those things would need to be handled by another device. Being aware of your surroundings and situations helps as well but is not a cure.

In the end there is no perfect security and nothing that fixes every scenario without a great deal of compromises. And with more and more going to these devices the risk and temptation to exploit it goes up.
 
FaceID. It's super fast (far faster than typing in a code) and works amazingly well. The number of times I have to enter my iPhone passcode manually (other than after a phone reboot) is extremely small and therefore highly unlikely to happen in a busy public place.
 