That doesn't really answer the question though. If you have your recovery key can you reset your password and then maybe remove the compromised device from the account?

These folks are doing the whole change and control in under three minutes.
Unless you have another phone, tablet, or your Mac, you aren't going to have time.
 
These folks are doing the whole change and control in under three minutes.

Unless you have another phone, tablet, or your Mac, you aren't going to have time.

Seems like there should be a feature on a cellular Apple Watch that could remotely disable all your other Apple devices if they are stolen. It would lock your devices and require your actual iCloud password (that the thief wouldn't know).

But then I guess thieves would start stealing Apple Watches off your wrists too.

:p
 
I’ve been following this thread for a while and while it’s mostly theoretical, it makes me antsy. I've lived in lower Manhattan for 40 years and I’ve never been in any situation like this. I did witness a shooting back in the 80’s but it wasn’t serious.
 
Sigh, yes. As you stated. Again.

However we are not talking about that specifically. Besides, you would need multiple passwords and two secondary pin codes to get into my banking apps or make me stand there and open each one by one. So a pincode or pattern code isn't doing it and at least on Android, out of this scenario.

Secure? Not if you have to manually enter it in an establishment and you get videoed or shoulder surfed.
Yes, yes and yes. Shoulder surfing or whatever equivalent and then snatching a phone is assault. So if you were going to be assaulted and/or threatened how your device is protected is not relevant. And if a gun was held to your head I would think most rational people would give up the goodies.

I would hope people would secure their important apps using Face ID. Every important app I have on my phone supports that. If the Apple ID password is reset, Face ID is invalidated as well as the wallet. Important apps would then need a sign in using their own unique user and password. Important apps that don't support Face ID...which I personally haven't come across yet, are not on my phone.

Anyway, there are clearly two camps on this thread that will probably never agree with one another. The takeaway is one has to have situational awareness and be smart.
 
Important apps would then need a sign in using their own unique user and password. Important apps that don't support Face ID...which I personally haven't come across yet, are not on my phone.

Agreed, but if you use iCloud Keychain for all your passwords, then it will still be open to the thief to use all your passwords. iCloud Keychain (passwords) access foolishly falls back to device passcode after Face ID.
 
I’ve been following this thread for a while and while it’s mostly theoretical, it makes me antsy. I've lived in lower Manhattan for 40 years and I’ve never been in any situation like this. I did witness a shooting back in the 80’s but it wasn’t serious.
You have to be smart. I was born in the Bronx and raised in Manhattan and lived there a loooong time until we moved from 80th and 1st to the burbs. One has to be smart about where they are, who is around them and what they are doing. What is described in this thread is unfortunately a form of social engineering. What Apple will do if anything remains to be seen. But I do not think Apple intended to protect the phone from assault. But there are clearly some steps that can be taken to mitigate this type of threat. Mostly when you have your phone out in crowded, noisy places, be aware of what is going on around you.
 
Agreed, but if you use iCloud Keychain for all your passwords, then it will still be open to the thief to use all your passwords. iCloud Keychain (passwords) foolishly falls back to device passcode after Face ID.
If you are the type that is worried about that...you can certainly delete all saved passwords and keep them on a password manager not dependent on Face ID or the device passcode. If one is savvy enough, concerned enough and could be in situations where "shoulder surfing" is a possibility there are mitigations to better protect yourself if you are assaulted and the phone ripped from your hands.
 
I’ve been following this thread for a while and while it’s mostly theoretical, it makes me antsy. I've lived in lower Manhattan for 40 years and I’ve never been in any situation like this. I did witness a shooting back in the 80’s but it wasn’t serious.
I think if those reading the thread exercise some common sense when out in public to reduce risk, as well as better securing the phone (and its contents) and account, what we read about will be far less likely to happen.

Don't forget, most people aren't tech nerds perusing MR every day. I doubt most consider iPhone account safety much less being situation aware, especially at bars and other crowded venues where people are drinking and got their phone in their face or back pocket.

I am not worried. My iPhone isn't worth dying over. If someone tries to physically hurt me, then I will meet force with force.
 
Seems like there should be a feature on a cellular Apple Watch that could remotely disable all your other Apple devices if they are stolen. It would lock your devices and require your actual iCloud password (that the thief wouldn't know).

But then I guess thieves would start stealing Apple Watches off your wrists too.

:p

When I sat down and thought about this (for my use) and how those I know with iPhones, I ran into the scenario where the only Apple device they owned was an iPhone. In a couple of cases it was the only computing device they owned (outside of a gaming console).

The solution needs to be LCD.
 
If you are the type that is worried about that...you can certainly delete all saved passwords and keep them on a password manager not dependent on Face ID or the device passcode. If one is savvy enough, concerned enough and could be in situations where "shoulder surfing" is a possibility there are mitigations to better protect yourself if you are assaulted and the phone ripped from your hands.

I might be able to mitigate most "shoulder surfing", but I can't always mitigate cameras. I can be in any kind of establishment, and it doesn't have to be crowded, where a security camera can capture me. The security camera operator could be a part of a criminal ring. Because of the ease of this crime, and the devastating power of it, Apple should better mitigate it on their end.
 
Yes, yes and yes. Shoulder surfing or whatever equivalent and then snatching a phone is assault. So if you were going to be assaulted and/or threatened how your device is protected is not relevant. And if a gun was held to your head I would think most rational people would give up the goodies.

I would hope people would secure their important apps using Face ID. Every important app I have on my phone supports that. If the Apple ID password is reset, Face ID is invalidated as well as the wallet. Important apps would then need a sign in using their own unique user and password. Important apps that don't support Face ID...which I personally haven't come across yet, are not on my phone.

Anyway, there are clearly two camps on this thread that will probably never agree with one another. The takeaway is one has to have situational awareness and be smart.

Problem is most folks use the Settings > Passwords. Once in they have the login and password to pretty much every app.

Personally I moved to Bitwarden and a couple of my financial apps support PIN codes as a second step login.

This is going to be a challenge I hope gets fixed.
 
Maybe about the two devices. There is always a balance between security and usability.
Changing your Apple ID password is a big deal and should merit the highest security. At least 2 trusted devices--2 different authentication codes--to change your password or recover a forgotten password.
With only one authentication code required, a thief can hijack your Apple ID. Forgot password, get authentication code on stolen device. Bye-bye your iCloud everything.
 
Changing your Apple ID password is a big deal and should merit the highest security. At least 2 trusted devices--2 different authentication codes--to change your password or recover a forgotten password.
With only one authentication code required, a thief can hijack your Apple ID. Forgot password, get authentication code on stolen device. Bye-bye your iCloud everything.
Maybe Apple will offer some more account security options in iOS 17. We definitely need it with the account.
 
Changing your Apple ID password is a big deal and should merit the highest security. At least 2 trusted devices--2 different authentication codes--to change your password or recover a forgotten password.
With only one authentication code required, a thief can hijack your Apple ID. Forgot password, get authentication code on stolen device. Bye-bye your iCloud everything.
If you only have one device you have to be able to recover your Apple ID. Apple makes it so you don't need your Apple ID or password, most of the time. You have to keep your device passcode safe. We are not going to agree on this and my bottom line is that we will have to wait for Apple to see what response they have. They don't want to make it impossible for those who need to recover their Apple user ID or password.
 
Problem is most folks use the Settings > Passwords. Once in they have the login and password to pretty much every app.
True. And people also leave the cars running with the keyfobs in the car and their house door open. I was pointing out that it is possible for those who believe that extra security is warranted, that making some changes independently of Apple could mitigate this type of social engineering attack.
Personally I moved to Bitwarden and a couple of my financial apps support PIN codes as a second step login.

This is going to be a challenge I hope gets fixed.
 
I might be able to mitigate most "shoulder surfing", but I can't always mitigate cameras. I can be in any kind of establishment, and it doesn't have to be crowded, where a security camera can capture me. The security camera operator could be a part of a criminal ring. Because of the ease of this crime, and the devastating power of it, Apple should better mitigate it on their end.
Use a privacy screen. I know people that do. My old BBERY used to have a privacy screen. Good luck guessing where I put my fingers on the screen if the camera can't see the screen. Those who are desperate enough will get what they want.

But @Apple_Robert has a point. There may be something coming up in 16.4, 16.5 or iOS 17. Just remember, you don't want to lose your life if a ne'er-do-well with no regard wants into your phone.
 
I would hope people would secure their important apps using Face ID. Every important app I have on my phone supports that. If the Apple ID password is reset, Face ID is invalidated as well as the wallet. Important apps would then need a sign in using their own unique user and password. Important apps that don't support Face ID...which I personally haven't come across yet, are not on my phone.
Apparently Norton LifeLock doesn't support Face ID anymore. No clue why.
 
My friends and family have always thought of me as an iPhone and Apple expert, but this week has shown me how little I knew about Find My, Screen Sharing Time, 2FA, recovery methods, and which apps on my phone can be trusted with Face ID (or Touch ID on my iPad), and there are more support articles to read and things to test.
 
When the attacker/thief has access to Find My, they can remotely lock or even wipe all the devices linked to your account. It sounds like this is what happened. When you don't have a backup, you're screwed.

It's not clear from the reporting why some victims permanently lost access to their Apple Accounts and apparently some were able to get back in. It's not explained unfortunately in the article.

Funny anecdote. Until recently my Time Machine backups were encrypted using a long random password, which was saved in my Mac's local keychain. In the event my Mac's SSD had broken, the backups would have been completely useless, because I had no way to get the password from the old keychain 😂.
If you have a desktop iMac which ain't going anywhere, then one would be well advised to turn off Find My on that iMac to guard against its data being wiped, would you agree?
 
Here's my updated list of suggested solutions from this thread and casually talking to friends. I jot this stuff down fairly quickly while talking so expect it to be imperfect :)

Solution Suggestions:

01) In order to change your iCloud password you should have to enter the old/current password AND the device unlock passcode. Ideally, an iCloud passcode change would require: Face ID or Touch ID, current iCloud passcode, and device passcode.

02) All account-critical settings on iOS and macOS should (optionally) be able to be locked behind a passcode of at least 6 digits, with the option to be alphanumeric, that CANNOT also be the same as any currently used passcode like iCloud or device unlock. Adding Face ID and Touch ID authentication should be an option here as well.

03) There should be an option to toggle on a 24hr waiting period for an iCloud password reset to take effect.

04) Important apps like banking apps, stock market apps, email or whatever app (or folder) the user chooses should have the option to be locked behind a passcode which must be entered before they launch. These apps and folders self-lock when the phone locks.

05) Once Advanced Data Protection is on, changing the Recovery Key or turning the Recovery Key off should require the device unlock passcode AND the iCloud passcode and probably Face ID or Touch ID as well. It should also have a waiting period as a user-settable option for 6, 12, or 24 hours.

06) The Screen Time passcode should not be able to be added, removed, or changed without the iCloud passcode AND device passcode and probably Face ID or Touch ID as well.

07) If Face ID fails for Passwords (in Settings), require the iCloud passcode AND device passcode to unlock. Maybe have it always require some passcode.

08) Removing devices from your account through Safety Check should require the iCloud passcode and device passcode and probably Face ID or Touch ID as well.

09) Apple could make a “duress” passcode (or button presses) an option, where, when it’s used, it locks down the phone or erases it (options set by the phone’s owner) or turns on Lockdown Mode.

10) Face ID and Touch ID should not be able to be altered without the iCloud passcode and device passcode.

11) Maybe a quick way to enable Lockdown Mode.

12) Apple should have an option to disable character preview on the keyboard when typing passcodes. Also, an option to toggle off the last character shown in the text entry box when typing passcodes.

13) There is a trusted emergency contact option available to regain access to iCloud if the password is forgotten or changed. However, to change, remove, or add a trusted emergency contact, the iCloud password, device unlock passcode, and biometric ID should be required.

14) iCloud passwords should have an optional hint available in case the passcode is forgotten.

15) Apple should add the ability to require an app to be unlocked with a PIN or biometric ID in that app’s settings via a toggle. For example in an app’s settings: “Require Face ID or Touch ID to open.”

16) Any account change should have the option to lock it behind a physical MFA device like a YubiKey.

17) Another suggestion is to make changing your iCloud password require 2-device authentication. But this will not work for those that only own one device, obviously.

18) In the case of someone with only an iPhone and no other Apple devices or home computer or laptop, changing the iCloud password should not send any manner of confirmation code or email to that single specific device. This is like an ATM telling you your PIN code. In this case something like security questions (that are NOT stored in Passwords) should be used. And in this case these answers would simply have to be remembered by the user as they would not be contained on the phone. Maybe they could be in a locked Note, but then that password would also be on the phone, potentially, in Passwords. The point is any verification for a person who only has an iPhone and no other computer or device should be something not retained on the phone and only kept in that person’s brain.

19) Screen Time, if set to not allow account or password changes, should prevent the iCloud passcode from being changed until the Screen Time passcode is entered.

20) If a Screen Time passcode is set, it should not be allowed to be altered if the device passcode is used to reset the Apple ID.

21) If one forgets their Screen Time passcode, there should not be any “Forgot Apple ID passcode?” presented to recover or change it.

Concerns once the passcode is known by a bad actor:

01) With Find My enabled, when a bad actor has control of your phone (via just the device unlock passcode, alone) and it is a trusted device, the bad actor can permanently lock you out of ALL your other “Find My” enabled devices.

02) They can not only see where all your other Find My devices are, but if you are carrying one with you they can track and follow you to steal it, and because they may already have control of ALL your devices, the bad actor would be the only one able to use them. They can PRE-STEAL your devices even before they physically have them and lock them so that only they can use them.

03) A bad actor could possibly see where you are due to your AirTags and also know that you have a laptop or desktop at home and steal it since they can see you are not at home.
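The chain the list above worries about (device passcode on a trusted iPhone gives Settings > Passwords, the reset code, a new Apple ID password, and then Find My control of every other device) can be written down as a small capability model and re-run against the proposed policy. This is an added illustration, not code from the thread or from Apple; the factor names, the "current" rules (taken only from what the posts above describe) and the "proposed" rules (an assumed reading of suggestions 01, 07 and 18) are constructed for the model.

```python
from typing import Iterable, List, Set, Tuple

# A rule: performing `op` needs every factor in `needs` and yields `grants`.
# Factor names are constructed labels for this model, not Apple identifiers.
Rule = Tuple[str, frozenset, frozenset]


def rule(op: str, needs: Iterable[str], grants: Iterable[str]) -> Rule:
    return op, frozenset(needs), frozenset(grants)


# Current behaviour as described in the thread: the device passcode alone
# opens Passwords, the reset code lands on the same phone, and the new
# Apple ID password gives Find My over all other devices.
CURRENT_POLICY: List[Rule] = [
    rule("unlock iPhone", ["physical_iphone", "device_passcode"], ["unlocked_trusted_device"]),
    rule("open Settings > Passwords", ["unlocked_trusted_device", "device_passcode"], ["all_app_passwords"]),
    rule("receive verification code on this iPhone", ["unlocked_trusted_device"], ["auth_code"]),
    rule("reset Apple ID password", ["unlocked_trusted_device", "device_passcode", "auth_code"], ["icloud_password"]),
    rule("lock/wipe other devices via Find My", ["unlocked_trusted_device", "icloud_password"], ["control_of_all_devices"]),
]

# Assumed reading of suggestions 01, 07 and 18: the reset also needs the
# current iCloud password, the code is never delivered to the requesting
# phone, and Passwords needs the iCloud password when Face ID fails.
PROPOSED_POLICY: List[Rule] = [
    rule("unlock iPhone", ["physical_iphone", "device_passcode"], ["unlocked_trusted_device"]),
    rule("open Settings > Passwords", ["unlocked_trusted_device", "device_passcode", "icloud_password"], ["all_app_passwords"]),
    rule("receive verification code on another trusted device", ["second_trusted_device"], ["auth_code"]),
    rule("reset Apple ID password", ["unlocked_trusted_device", "device_passcode", "icloud_password", "auth_code"], ["icloud_password"]),
    rule("lock/wipe other devices via Find My", ["unlocked_trusted_device", "icloud_password"], ["control_of_all_devices"]),
]

THIEF_START = ["physical_iphone", "device_passcode"]          # the thread's scenario
OWNER_START = THIEF_START + ["icloud_password", "second_trusted_device"]


def closure(policy: List[Rule], start: Iterable[str]) -> Tuple[Set[str], List[str]]:
    """Fixed point: keep applying any rule whose needs are met until nothing new is granted.
    Returns the factors finally held and the operations that became possible, in order."""
    have: Set[str] = set(start)
    done: List[str] = []
    changed = True
    while changed:
        changed = False
        for op, needs, grants in policy:
            if op not in done and needs <= have:
                done.append(op)
                have |= grants
                changed = True
    return have, done


def thief_reaches(policy: List[Rule], goal: str) -> bool:
    """Can someone holding only the phone and its passcode obtain `goal`?"""
    return goal in closure(policy, THIEF_START)[0]


if __name__ == "__main__":
    for name, policy in (("current", CURRENT_POLICY), ("proposed", PROPOSED_POLICY)):
        have, ops = closure(policy, THIEF_START)
        print(f"{name}: thief can perform {ops}; all devices controlled: {'control_of_all_devices' in have}")
```

Under the proposed rules the thief's closure stops at "unlock iPhone", while the owner (who also holds the iCloud password and a second trusted device) still reaches every operation, which is the usability check the thread keeps raising.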
 
If you have a desktop iMac which ain't going anywhere, then one would be well advised to turn off Find My on that iMac to guard against its data being wiped, would you agree?
I've been mentally thinking through what would happen if a desktop was wiped and locked remotely by a bad actor. Would a Time Machine backup (encrypted) be of any use? I rotate mine and keep at least one off-site at all times, but now I'm thinking that just with a stolen iPhone, Find My on, and a known device (iPhone) passcode even the Time Machine backup would be useless on remotely locked hardware; I'd have to just buy an entire new Mac and restore it from the previous computer's backup. Wow.

The Device Passcode really wields a massive amount of power and control once you start thinking about it and testing.
 
Changing your Apple ID password is a big deal and should merit the highest security. At least 2 trusted devices--2 different authentication codes--to change your password or recover a forgotten password.
With only one authentication code required, a thief can hijack your Apple ID. Forgot password, get authentication code on stolen device. Bye-bye your iCloud everything.
I agree with not giving the code to the device you are on, but what if someone doesn't have one. Guess if you knew someone else you trusted you could give their CTN as the recovery.
 