A device is trusted when you sign in with your Apple ID and password and supply a second factor at the time of the initial login. Once it is trusted, it can also generate recovery codes.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Responds to Report About Thieves Spying on iPhone Passcodes to 'Steal Your Entire Digital Life'
- Thread starter MacRumors
- Start date
- Sort by reaction score
I think you are correct. Apple markets iOS as the most secure smartphone platform so they will be forced to address this soon.
The same passcode that they allow to be used to change the Apple ID password. At the time of the password change, Apple is using single factor authentication to allow changes to that password.
The device itself carries the provenance of verification, so in that context, the passcode has the same power as a password.
Edit: it’s like going through security at the airport and being in a protected space until you get into the plane.
Still if it’s something you know it can be gotten. If it’s something you have and you don’t have it depending on your situation you could be screwed.
If "the passcode has the same power as a password" then it is single factor authentication.
Been reading all this and other stuff as it comes up.
End of day my S23 Ultra and 1+ 10 Pro are both better protected than my 13 ProMax from this type of attack.
Wow.
Move is in Apple’s court.
End of day my S23 Ultra and 1+ 10 Pro are both better protected than my 13 ProMax from this type of attack.
Wow.
Move is in Apple’s court.
A vulnerability the article points out that thieves are using to devastating effect. They steal your passcode, then your iPhone. In an instant, they have all they need to usurp your digital life. This isn't hypothetical. It is happening.
Lots of people--myself included--here are pointing out that weakness and giving suggestions to improve security.
I don’t see apple making it a little harder. It’s either all or nothing. If it’s nothing one is screwed if they forget their Apple ID password. If someone holds a gun to your head and can’t get into the phone everything is lost anyway. But at least you’re protected. There’s that security vs usability thing again. Unless of course you have another trusted device somewhere. But for those who only have an iPhone the iPhone is lost. I can’t see apple wanting to deal with hundreds or millions of calls to unlock a phone. But I could be wrong.
That is indeed a problem with the design. Also there's no way to recover your account (and your data) once it gets taken over by someone else. I'd go so far as to say that's an extreme flaw in the design and Apple's response to it so far is irresponsible. And the possible fixes for this wouldn't be a burden on users and normal operation -- just when the iCloud account password gets changed. Perhaps a wait time of a day for a password change to go through, with at least 3 different ways that Apple notifies and asks the user if it were them. Their icloud email, text, and a recovery email account that is not on the iPhone. And even better if they have a Mac at home, the wait time should allow the user to tell apple, no it wasn't them, and then change their password themselves to something else and disable the iPhone and passcode that was stolen.
Exactly. They are stealing two factors needed to control the account. If they knew your password, your passcode, and your Apple ID, they still couldn’t access your account without access to “something you have” which is your trusted device that has 2FA turned on and uses a passcode.
Yes. I’m hopeful that Apple can find an agreeable solution for users who forgot their passwords.
TLDR: my personal reaction to the WSJ piece was to create a separate and limited Apple ID for my iPhone.
Last edited:
I‘ve been wondering if the Screen Time passcode issue you discussed can also be outmaneuvered by a child’s iPhone where the recovery ID is not the phone’s ID, but that of the parent?
This thread provides a very useful service. It gets people discussing and exposing the issue. The more people that are aware of this flaw, the more people that provide feedback to Apple, and the more media exposure, will all help put pressure on Apple to fix the flaw.
Last edited:
Simply requiring the existing AppleID password to change it in the first place would resolve this issue already. If the thief chooses to reset the password, a mandatory 60 minute wait time would prevent them from using that as a loophole, giving the account owner a chance to wipe the iPhone remotely.
Let's not forget these attacks worked only because the owner of the phone wasn't able to gain access to their own account to wipe the stolen phone when they attempted it in a matter of mere minutes.
The problem is really that Apple wants its users to store their entire personal info, contacts, credit cards and whatnot on these devices and let's you get away with a simple PIN code that if spied let's a third party unlock everything at an instant. That's bad design, plain and simple.
Nobody can convince me that Apple as one of the biggest and most successful tech businesses in the world with an extremely valuable brand to protect couldn't have foreseen this happening. With how much of a fuss they make about protecting their user's privacy and whatnot, saying this works as intended and is the user's fault is not in Apple's best interest.
Now that this info is public and anyone stupid criminal can abuse the woRkInG AS dEsIgnEd flaw, it won't be long for more cases to become public and Apple knows that. I bet they will silently fix the design flaw and won't say a word. One day you'll change your AppleID password and you'll notice some new security put in place. But when calling Apple they will never admit why that feature was added.
Let's not forget these attacks worked only because the owner of the phone wasn't able to gain access to their own account to wipe the stolen phone when they attempted it in a matter of mere minutes.
The problem is really that Apple wants its users to store their entire personal info, contacts, credit cards and whatnot on these devices and let's you get away with a simple PIN code that if spied let's a third party unlock everything at an instant. That's bad design, plain and simple.
Nobody can convince me that Apple as one of the biggest and most successful tech businesses in the world with an extremely valuable brand to protect couldn't have foreseen this happening. With how much of a fuss they make about protecting their user's privacy and whatnot, saying this works as intended and is the user's fault is not in Apple's best interest.
Now that this info is public and anyone stupid criminal can abuse the woRkInG AS dEsIgnEd flaw, it won't be long for more cases to become public and Apple knows that. I bet they will silently fix the design flaw and won't say a word. One day you'll change your AppleID password and you'll notice some new security put in place. But when calling Apple they will never admit why that feature was added.
I heard about this and tried what they said to change my apple password, and was absolutely shocked that it really was as simple as they said. There’s no extra security on it.
It seems like even just requiring biometrics for it or entering your existing Apple password would mediate quite a bit of this, and seems obvious.
I honestly thought that’s what they were already doing. Maybe they used to at some point because I thought that it was a lot harder to change your password then just clicking on at once you’re in the phone.
It seems like even just requiring biometrics for it or entering your existing Apple password would mediate quite a bit of this, and seems obvious.
I honestly thought that’s what they were already doing. Maybe they used to at some point because I thought that it was a lot harder to change your password then just clicking on at once you’re in the phone.
I thought the same thing when I tried it - there was definitely a time where it didn't work like that. Before 2FA was mandatory the Apple accounts had 3 security questions you had to answer to reset an Apple password as well, I still have an older account and have those questions written down somewhere safe. But if you make a new account now, Apple only requires your phone number and will never ask the 3 questions. So when your unlockable phone is stolen, the attacker automatically gets the Apple account 2FA on a silver plate.
That actually doesn't work. Once the code to the iOS device is known you can change biometrics, and if you are required to enter the current password you can just reset it and get a 2FA code sent to the stolen device you are already holding in your hands. So there absolutely needs to be at least a 60 minute wait timer for AppleID password resets to give the victim of a stolen phone any chances of remotely wiping it.
Equally bad is, i can use my unlocked iOS device to immediately wipe all my connected Macs in the Find My app, it doesn't seem to ask me for a password when I click the red "Erase this device" option. It just gives me a stern warning and a "continue" button. Even if it were to ask for my AppleID password, I could just change it and then go back to Find My.
Imagine if you hand your phone to a stranger for 30 secs to make a phone call, maybe their phone died at some event you're at and they don't know where their friends are, or however the story goes. They could wipe at least one of your connected devices before you can stop them.
The trusted device could be considered a second factor if the password change was being initiated on a different device.
I’m optimistic about them adding a safeguard or two to the recovery method. Change Password would require the current password and Change Forgotten Password would inform the user of a waiting period and send the typical notifications regarding the pending change.
I think if 2FA is enabled and there is more than one Apple device on the account, the second device should be required. If hardware keys have been enable, one of them should be required.
Failing that, there are existing account recovery protocols that could and should be followed. If a recovery key has been set on the account, that key can be used. If a recovery contact has been enabled, that process can be followed.
I thought that those hardware keys do protect me exactly on this point. That’s one of the reasons why I bought them.
If even in this case it’s not working with hardware keys, so why do I need them in general? Looks like they’re completely useless?!
My understanding is they do not. Since you have hardware keys could you try changing your iCloud password using just you device passcode?