Was there any mention in the article about Android users being violated in the same manner? If not, then why not?
The article ironically dismisses the threat that android users face by positing that iPhones have a higher resale value, and the issue thus affects iPhone users more than anyone else. ¯\_(ツ)_/¯
 
Not an Android issue. Google requires the current Google password to change the Google password. You can't change the Google password by just using the simple device passcode.
OK, but access to A LOT of stuff is still viable through a passcode
 
Here’s my question: at roughly 6’ 50" into the video, the interviewer says the victim was "unable to access years of contacts, photos, notes and more."
When the attacker/thief has access to Find My, they can remotely lock or even wipe all the devices linked to your account. It sounds like this is what happened. When you don't have a backup, you're screwed.

It's not clear from the reporting why some victims permanently lost access to their Apple Accounts and apparently some were able to get back in. It's not explained unfortunately in the article.

Funny anecdote. Until recently my Time Machine Backups were encrypted using a long random password, which was saved in my Macs local keychain. In the event my Macs SSD would have broken, the backups would have been completely useless, because I had no way to get the password from the old keychain 😂.
 
That's why you should use something more than a 6 - 8 digit passcode. Use an alphanumeric passcode with numbers, letters and symbols. You shouldn't need to use this 99% of the time and instead rely on TouchID/FaceID for general unlocking of your phone.

I think what people are forgetting is someone not knowing your device passcode is only limited in access for a few things like changing your iCloud password. Someone getting access to your phone as it is unlocked already is already capable of wreaking havoc... I can reset all your passwords basically by having access to your email account.

The iPhone is most secure when locked, and that's why a strong passcode is important.
That's not what I was replying to. The idea in question was to use two factor unlocking by requiring both TouchID and FaceID to be used simultaneously to unlock an iPhone. Of course this would require an iOS device that has both types of unlocking hardware.

Even with this hypothetical iPhone, if the thief knows your passcode, they can still wreak havoc. It doesn't matter if you have a 4 digit passcode or a 6 digit passcode or a 25 character one, if they see your passcode, you're compromised.

A potential solution is to allow users to have two passcodes, or more. One passcode can be used for unlocking the iPhone, just like normal. A second passcode could be used for higher level activities, like changing any aspect of your AppleID, adding more fingers to your TouchID, adding more faces to FaceID, getting into your Keychain, etc.

I'm sure the smart folks at Apple could implement this and come up with other scenarios to protect users.
 
My thoughts:

1) Convenience and security are but two sides of the same coin. A longer passcode is also more inconvenient for users to key in on a day to day basis. Making it harder to remember may also lead to less secure practices such as writing it down. Which is why many people default to a 4-6 digit passcode, and I don't think that is going to change anytime soon.
This is exactly correct. Secure a phone so that it's difficult to change or update things and people won't use it.
In response to this exchange, I think everyone should be using either TouchID or FaceID exclusively to unlock their phones and for ApplePay. There's no reason to be using your passcode for these situations because TID and FID are infinitely easier. In those edge cases where TID and FID fail because of reasons, then users will need to be aware of their surroundings and protect themselves and their passcode.

The second idea, and a response to i7guy ... I think that most users have little reason to change or update the items in question. Who really needs to change their AppleID password or look at their Keychain passwords. All of these higher level activities could be put behind a different password that users will rarely ever use and therefore, thieves won't really have the ability to observe someone entering that password. Now the danger would be that a user forgets this password precisely because it is rarely used.

Apple needs to be careful in how they implement a fix. Perhaps they can make the single passcode for all (SPFA) the default, and allow users to opt-in to a multi passcode for security (MPFS). Then users who want to protect themselves from a catastrophe in the event that a clever thief steals their phone can do so. And those who choose not to protect themselves with MPFS, will be met with a "we understand your frustrations, but you chose not to protect yourself".
 
I wrote Apple’s security team and this was their response:

Hello,

Thank you for contacting the Apple Product Security team. We take every report of a potential security issue seriously.

After examining your report, we do not see any actual security implications because it requires knowledge of the device's passcode. If two-factor authentication is enabled, it is expected behavior that any trusted device can change the password with the device passcode. Additional information about this feature is available in the "Two-factor authentication" at https://support.apple.com/HT201487.

Please note that we recommend that users use a strong device passcode to prevent unauthorized access to their device. As always, physical security remains an important part of protecting the data on your iOS device.

We look forward to your future reports.

Best regards,
Alex
 
I wrote Apple’s security team and this was their response:

Hello,

Thank you for contacting the Apple Product Security team. We take every report of a potential security issue seriously.

After examining your report, we do not see any actual security implications because it requires knowledge of the device's passcode. If two-factor authentication is enabled, it is expected behavior that any trusted device can change the password with the device passcode. Additional information about this feature is available in the "Two-factor authentication" at https://support.apple.com/HT201487.

Please note that we recommend that users use a strong device passcode to prevent unauthorized access to their device. As always, physical security remains an important part of protecting the data on your iOS device.

We look forward to your future reports.

Best regards,
Alex
Can't say I'm surprised at the response. I would also be surprised if Apple is not mulling this over internally to determine what if anything might need to be changed.
 
… I would also be surprised if Apple is not mulling this over internally to determine what if anything might need to be changed.
I would be surprised if everything we’re discussing and then some hadn’t already been mulled over and over back when the person with the authority overruled those opposed and flipped the switch.
 
I wrote Apple’s security team and this was their response:

Hello,

Thank you for contacting the Apple Product Security team. We take every report of a potential security issue seriously.

After examining your report, we do not see any actual security implications because it requires knowledge of the device's passcode. If two-factor authentication is enabled, it is expected behavior that any trusted device can change the password with the device passcode. Additional information about this feature is available in the "Two-factor authentication" at https://support.apple.com/HT201487.

Please note that we recommend that users use a strong device passcode to prevent unauthorized access to their device. As always, physical security remains an important part of protecting the data on your iOS device.

We look forward to your future reports.

Best regards,
Alex

Looks like you got the form letter response. :cool:
 
I wrote Apple’s security team and this was their response:

Hello,

Thank you for contacting the Apple Product Security team. We take every report of a potential security issue seriously.

After examining your report, we do not see any actual security implications because it requires knowledge of the device's passcode. If two-factor authentication is enabled, it is expected behavior that any trusted device can change the password with the device passcode. Additional information about this feature is available in the "Two-factor authentication" at https://support.apple.com/HT201487.

Please note that we recommend that users use a strong device passcode to prevent unauthorized access to their device. As always, physical security remains an important part of protecting the data on your iOS device.

We look forward to your future reports.

Best regards,
Alex

Same copy/paste reply that I got from them yesterday.
 
I would be surprised if everything we’re discussing and then some hadn’t already been mulled over and over back when the person with the authority overruled those opposed and flipped the switch.

Security is always an evolving moving target. The first years of iPhones, there wasn't even a Lock Screen. Then it evolved to 4 digit passcodes, then touch-id, then longer alphanumeric passcodes, and then Face-ID. It's now time to up the security of the Apple-ID. At least give the customer the option to make it stronger, like they do with their other optional advanced security features.
 
I would be surprised if everything we’re discussing and then some hadn’t already been mulled over and over back when the person with the authority overruled those opposed and flipped the switch.
We really don't know. The form letter isn't wrong. Physical security is important. If we take this to the nth degree and say Apple should protect against armed robbery, is one's life really worth it? Situational awareness combined with a good password will go a long way. Setting a screen time password will go a long way as well.
 
One of the primary reasons I locked myself into the Apple ecosystem was not having to work so hard at being a sys admin for my personal life. As of the WSJ article, I feel the need to take the path of greater resistance and I’m annoyed. I didn’t want to spend this past weekend re-thinking the security of something I thought was already secure.
 
One of the primary reasons I locked myself into the Apple ecosystem was not having to work so hard at being a sys admin for my personal life. As of the WSJ article, I feel the need to take the path of greater resistance and I’m annoyed. I didn’t want to spend this past weekend re-thinking the security of something I thought was already secure.
After this incident I went and reviewed the access for all financial institutions I have access to. I deleted the email from mail as I'm able to use webmail and made sure the authentication method was an email. Other than that, no changes. If someone wants my phone badly enough they can have it.
 
It's not a bug. It's a feature. It's to provide access to your iphone if you forget your apple id. My guess is when Apple designed this the way it is, an armed robbery scenario was what they were not trying to protect the phone against. Maybe they should rethink that scenario. And maybe if they do, people will get hurt when they didn't before.

I do think Apple should do two things though:
- Don't let the screen time password get wiped when the device password is used to reset the appleid. This still could be very inconvenient to the masses. We have no statistics on how many people legitimately have to recover a password using the device password.
- Similar to advanced data protection create a mode called advanced device protection. When on the apple id can't be reset by the device password. You have to recover your apple id from a trusted device. Of course this doesn't benefit those who only have an iphone. And in this mode you would need another trusted device to turn off advanced device protection.

Of course we are doing Apples' requirements gathering in this thread and who knows what Apple will, could or should do.
Don‘t agree. Why should iOS ask you to enter your AppleID password to protect payments e.g. when you buy something in the AppStore or an eBook, but at the same time the passcode is sufficient to change AppleID password?

This is just a BS implementation and it is faulty.

Users CAN generate a recovery key. Using just a simple 4-digit passcode has nothing to do with security. It is broken.
 
Don‘t agree. Why should iOS ask you to enter your AppleID password to protect payments e.g. when you buy something in the AppStore or an eBook, but at the same time the passcode is sufficient to change AppleID password?

This is just a BS implementation and it is faulty.

Users CAN generate a recovery key. Using just a simple 4-digit passcode has nothing to do with security. It is broken.
Unless we are discussing different things, this is about recovery of your apple id password in case you need it for some matter. (whatever that matter is, is not relevant). For those who just have an iphone, as opposed to some other trusted devices, it's not possible to recover your apple id if you forget the password. The device passcode is used. You may not like the implementation, but it makes a certain amount of sense.

Anyway, I'm just voicing my opinion and where this goes, if anywhere, we shall see.
 
I’m re-thinking the value of having FindMy/Activation lock turned on for several of my devices. Seems like it has more potential to help get me locked out of using them than ever recovering them if they went missing.

[I would ensure that strong user passwords or passcodes are used, encrypt the Mac, ensure that data erase is on for the iOS devices.]

[And since I don’t want a Legacy Contact, at least a relative could re-use my collection of Apple gear.]
 
Unless we are discussing different things, this is about recovery of your apple id password in case you need it for some matter. (whatever that matter is, is not relevant). For those who just have an iphone, as opposed to some other trusted devices, it's not possible to recover your apple id if you forget the password. The device passcode is used. You may not like the implementation, but it makes a certain amount of sense.

Anyway, I'm just voicing my opinion and where this goes, if anywhere, we shall see.
I can understand you. But why is there a possibility to generate a recovery key? Why does iOS ask you to enter your AppleID password? This is just a fake feeling of security that is not given.

To be honest, I never used my iPhone to change AppleID password, so I was surprised. Bank transfers, crypto currency, ID and driver's license, your digital life is bound to an insecure passcode? Mine is alphanumeric and very secure, but I used the screen time hack immediately.

This sucks … At least a user should be able to disable this - screentime is a bad hack to protect your digital life.
 
The article ironically dismisses the threat that android users face by positing that iPhones have a higher resale value, and the issue thus affects iPhone users more than anyone else. ¯\_(ツ)_/¯
Well, the article's logic is rubbish.

The real reason it's not as big a threat on android is because you can't put all your eggs in one basket like you can with Apple and iCloud. Everything on android is compartmentalized. Your banking info isn't tied to your gmail account. And it's possible to recover your Google account. Not so with iCloud. If you get locked out of iCloud, you're SOL.
 
Well, the article's logic is rubbish.

The real reason it's not as big a threat on android is because you can't put all your eggs in one basket like you can with Apple and iCloud. Everything on android is compartmentalized. Your banking info isn't tied to your gmail account. And it's possible to recover your Google account. Not so with iCloud. If you get locked out of iCloud, you're SOL.
Google also provides a 6 hour delay if you request a forgotten password by only using two forms of 2FA…the kind a thief of the phone in question would usually have access to (SMS and email).

I know this because I tried to be a “thief” and pretend I know my iPhone passcode but not my Google account (I don’t save my google account password in Keychain). I wanted to see if I could take over that account as well. I used their forgot my password and was able to use two forms of 2FA (SMS and email), however, there was a 6 hour waiting period.
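As an added example, and not code from Apple, Google or anyone posting in this thread: a small Python model of the recovery policy i7guy sketched earlier (a standard mode in which the device passcode alone resets the account password, and an "advanced device protection" mode that needs a second trusted device), combined with the delayed, cancellable fallback that the Google anecdote above describes for people who own only one device. The mode names, the factor names, the RecoveryService class and the notification list are all assumptions of this example; the 6-hour delay is a constructed constant chosen to match the wait reported above.

```python
# Added example, not Apple's or Google's implementation. Models two account-recovery
# policies discussed in the thread plus a cooling-off delay with owner cancellation.
import time
from dataclasses import dataclass
from enum import Enum

RECOVERY_DELAY_SECONDS = 6 * 60 * 60   # constructed: mirrors the 6-hour wait reported above


class Mode(Enum):
    STANDARD = "standard"   # device passcode alone may reset the account password
    ADVANCED = "advanced"   # hypothetical "advanced device protection" mode


@dataclass
class Decision:
    allowed: bool
    delay_seconds: int   # 0 means the reset takes effect immediately
    reason: str


# Factor names are assumptions of this example. "Weak" factors are the ones a
# thief holding an unlocked phone typically controls.
WEAK_FACTORS = frozenset({"device_passcode", "sms", "email"})
STRONG_FACTORS = frozenset({"current_password", "recovery_key"})


def authorize_password_reset(mode: Mode, factors: frozenset[str]) -> Decision:
    """Decide whether a password reset may proceed and how soon."""
    # An account-level secret proves ownership in either mode: no delay.
    if factors & STRONG_FACTORS:
        return Decision(True, 0, "account-level secret presented")

    if mode is Mode.STANDARD:
        if "device_passcode" in factors:
            # The property the thread criticises: the secret that unlocks the
            # phone also rewrites the account credential at once.
            return Decision(True, 0, "device passcode accepted (standard mode)")
        return Decision(False, 0, "no accepted factor")

    # ADVANCED: the device passcode never completes a reset on its own.
    if "device_passcode" in factors and "second_trusted_device" in factors:
        return Decision(True, 0, "approved from a second trusted device")

    # Single-device owners are not locked out: two weak factors start a reset,
    # but it only completes after a delay during which the owner can cancel.
    if len(factors & WEAK_FACTORS) >= 2:
        return Decision(True, RECOVERY_DELAY_SECONDS, "weak factors only: delayed reset")
    return Decision(False, 0, "insufficient factors for advanced mode")


@dataclass
class PendingReset:
    account: str
    ready_at: float
    cancelled: bool = False


class RecoveryService:
    """Tracks delayed resets so the legitimate owner can cancel them in time."""

    def __init__(self, mode: Mode, clock=time.time):
        self.mode = mode
        self.clock = clock            # injectable for tests
        self.pending: dict[str, PendingReset] = {}
        self.notifications: list[str] = []   # stand-in for pushes to trusted devices

    def request_reset(self, account: str, factors: frozenset[str]) -> Decision:
        decision = authorize_password_reset(self.mode, factors)
        if decision.allowed and decision.delay_seconds:
            ready = self.clock() + decision.delay_seconds
            self.pending[account] = PendingReset(account, ready)
            self.notifications.append(
                f"{account}: reset requested, completes in "
                f"{decision.delay_seconds // 3600}h unless cancelled")
        return decision

    def cancel_reset(self, account: str, factors: frozenset[str]) -> bool:
        """Only a session that proves ownership may cancel; the stolen phone cannot."""
        p = self.pending.get(account)
        if p is None or p.cancelled:
            return False
        if "current_password" in factors or "second_trusted_device" in factors:
            p.cancelled = True
            return True
        return False

    def reset_ready(self, account: str) -> bool:
        p = self.pending.get(account)
        return p is not None and not p.cancelled and self.clock() >= p.ready_at


if __name__ == "__main__":
    svc = RecoveryService(Mode.ADVANCED)
    print(svc.request_reset("demo", frozenset({"device_passcode", "sms"})))
    print(svc.notifications)
```

The point of the delay path is visible in cancel_reset: a thief who has only the phone passcode, SMS and email can start the reset but cannot finish it for six hours, while the owner, alerted on every trusted device, can cancel from any session that still holds the current password or a second device.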
 
I can understand you. But why is there a possibility to generate a recovery key? Why does iOS ask you to enter your AppleID password? This is just a fake feeling of security that is not given.

To be honest, I never used my iPhone to change AppleID password, so I was surprised. Bank transfers, crypto currency, ID and driver's license, your digital life is bound to an insecure passcode? Mine is alphanumeric and very secure, but I used the screen time hack immediately.

This sucks … At least a user should be able to disable this - screentime is a bad hack to protect your digital life.
Physical possession is important and it's important to remember security vs usability and the absolute number of people vs the total population. However, if it becomes a thing where ne'er do wells start to use force to grab an iPhone passcode, something probably will be done by Apple.
 
Physical possession is important and it's important to remember security vs usability and the absolute number of people vs the total population. However, if it becomes a thing where ne'er do wells start to use force to grab an iPhone passcode, something probably will be done by Apple.
I get what you are saying. Absolutely, but I also get what the person you replied to is saying as well. If I can reset my Apple ID password with just a passcode, then why do I need to type my password in to turn off Find My? It kind of defeats the purpose. Also, it makes the recovery key moot, because I can request a new recovery key once I reset the password. Thus, the passcode is everything.
 
I get what you are saying. Absolutely, but I also get what the person you replied to is saying as well. If I can reset my Apple ID password with just a passcode, then why do I need to type my password in to turn off Find My? It kind of defeats the purpose. Also, it makes the recovery key moot, because I can request a new recovery key once I reset the password. Thus, the passcode is everything.
I‘m glad at least someone understands the nature of this bug. It renders the second level of security void.
 