FYI: In a related thread (Apple Responds to Report About Thieves Permanently Locking Out iPhone Users), the following concept was posted as a potential approach to prevent a user from being permanently locked out of their own Apple account by a thief.
Pleonasm said:
  1. Setup a recovery contact (Settings | [name] | Password & Security | Account Recovery)
  2. Setup a Screen Time passcode (with passcode recovery disabled; Settings | Screen Time)
  3. Secure access to Account Changes with the Screen Time passcode (Settings | Screen Time | Content & Privacy Restrictions | Account Changes = Don't Allow)
Although a thief with your iPhone and passcode could reset your Apple ID, it would still be possible for the owner of the iPhone to recover the Apple account using the recovery contact. Why? Because the thief is prevented from removing the recovery contact, which is protected by the Screen Time passcode and which cannot be reset/removed using the Apple ID password.

Ultimately, the goal is not to prevent a thief from resetting a user's Apple ID - rather, the goal is to prevent a thief from permanently locking out a user from their own Apple account. I encourage the community to critically examine the above (hopefully helpful) approach and to determine if flaws exist.
Interested readers here may wish to add their perspectives by replying within that thread.
 

There have more than a few posts showing how to get around that. Apple meant well but I have to wonder if they actually test their solutions.
Was also discussed in that thread and found wanting.
It would be nice if Apple fixes it.
 
@dk001, yes, there is a similarity between the approach I shared and others that have been discussed. Yet, there is one critical difference: namely, disabling the Screen Time Passcode Recovery option.

To clarify, the most important problem to be solved is how to prevent a thief from permanently locking out a user from their own Apple account, and thereby blocking access by the user to their most important digital assets (e.g., photos). The logic behind the hypothesis I am proposing is as follows.
  1. The Screen Time passcode cannot be removed or reset by a thief in possession of a stolen iPhone (even if the iPhone passcode and the Apple ID password are known by the thief), because the Screen Time Passcode Recovery option is disabled.
  2. The Screen Time passcode prevents a thief from altering the previously established Content & Privacy Restrictions on the stolen iPhone - and, most importantly, from making Account Changes (because Settings | Screen Time | Content & Privacy Restrictions | Account Changes = Don't Allow).
  3. The Account Changes restriction prevents a thief from removing a previously established Recovery Contact, because the Settings | [name] | Password & Security | Account Recovery menu cannot be accessed on the stolen iPhone.
  4. The legitimate owner of the stolen iPhone can restore their own Apple ID while using another device, because the Recovery Contact is available for use during Apple's account restoration process.
  5. Thus, the situation in which a thief has permanently locked a user out from their own Apple account is avoided. (Quod erat demonstrandum.)
Since “None of us is as smart as all of us," I welcome a critical examination of the above logic by fellow forum members to identify potential flaws and limitations.

P.S.: This proposed approach does not address all the issues referenced in this thread. For example, a thief in possession of an iPhone and passcode will still have the ability to access passwords that may be stored in the Keychain. But, the ability to recover an Apple account may be priceless to some - as documented in this video, telling the woeful tale of Greg Frasca....
 

Thanks for the follow up.
I'm going to give this a try and see what happens.
 
Wouldn’t a thief trash the account by deleting all pictures, messages, and any other data in there to cause as much damage as possible? I imagine it to be like getting back into your house after a burglary. I agree this is better than nothing but certainly Apple has to provide a better solution.
 
@citivolus, yes, the risk exists that the thief could delete data from iCloud (which possibly could be recovered). However, to guard against this case and for safekeeping generally, implementing an iPhone backup solution that is independent of iCloud seems prudent. For example, iMazing can easily backup an iPhone to a Mac/PC, including photos, videos, messages, and voicemail recordings.

P.S.: And, yes, hopefully Apple will create a more elegant and comprehensive approach to improving the security of the iPhone and facilitating account/data recovery....
 
Agreed that backups are always a good thing. But now due to this issue, I've had to spend more time putting in place a backup of my backup of 200GB worth of photos (iCloud).
 
we already know that face ID can check if you're looking and paying attention to the screen, because that's one of the settings they give you, so why not just make the camera check if someone else is looking while you're typing in your password? then it can freeze out the keyboard with a warning.

likewise... if a thief grabs your phone and starts typing in your password then presumably the camera knows that it's not your face staring at the screen, so it should freeze out the keyboard again

if something happens to your own face and you can't get in, then they could just give you the option of typing your password and authenticating it on a second device
 
Alpha numeric is the way to go

Face ID is good for quick access

Shut it down if you think it’s likely to be taken

Don’t use iCloud

Keep your back to known surroundings or somewhere people can’t go if you’re on a train or something
 

I believed the same until doing some testing. Screen Time passcode is not the answer even with ID Recovery key set, and with "Recover screen time password with Apple ID" disabled. Though it does put some more obstacles in the thief’s path. Maybe some less knowledgeable thieves would be stopped. Some options to the sequence below put some delay in the Recovery process but the sequence below leads to instant break in.

I just went through these steps:

  1. Screen Time settings > Change Screen Time passcode.
  2. Click Forgot Passcode
  3. Enter Apple ID email in next screen, but not password…click forgot Apple ID password
  4. This produces a screen asking for iPhone Passcode which thief has. Enter Passcode leads to screen to enter new Apple ID password.
Anyone can try these for themselves, no harm is done.... you cancel out without changing things.
 
In iOS 17, if an Apple ID password is changed, the old one can be used for 72 hours.

However, there seems to be an option to click "expire immediately" according to a screenshot I've seen.
 
This feature can't, as far as I can determine, be disabled.
Thank you for posting this, I’ve been very interested to see if this behavior has been changed in iOS 17. Do you mean that both the old and new password can be used for 72 hours? Does iOS 17 still allow you to change the Apple ID password with just the iPhone passcode?
 
I made an edit, as after I posted I saw a screenshot of a message which had a click-box to expire the old password immediately. I don't know whether that came up when they changed their password (I've not tried) or it was something shown during the WWDC thing on Monday.

Ignoring that for the moment, yes, the old and new passwords can be used for 72 hours. And yes, the password can be changed just knowing the passcode as before - there's been no changes there.
 
Looks like it, yes.
 
Thank you.

Leaving aside whether this feature can be disabled or not, let’s assume you can log back in to iCloud within 72 hours using your old password. (A step in the right direction.)

How do you actually lock the thief out? Because, presumably, the ‘new’ password they changed yours to (which you won’t know) remains active also?
 
Remove the authorised device that can generate 2FA codes (and/or phone number if they have a device that can receive text 2FA codes).

Change the password again and click ‘sign out of Apple devices and websites associated with your Apple ID’.

Thief can now try and login using the password that would work, but now can’t get a 2FA code because you have removed the authorised device and/or phone number that they have from your Apple ID.

That would be my assumption.
 
lol sounds like you would need to change the password twice in quick succession since both old and new password are presumed to work...not sure this is the whole story.
 
You wouldn’t need to change it twice, just remove the 2FA device or number the thief has and change password once, checking the box to force sign-out of all existing logins, assuming it works the way I assume.

You can change the password twice if you want, but without a 2FA code, even if the thief has a valid password for your account, they still can’t access it.
 
I guess the thief could change it twice, so that you wouldn't know either the new or the old one.

The more I think about it, the more it seems it's useless for stopping this kind of identity theft. Maybe with more betas, more options will be given.
The simplest thing to do is keep your device passcode safe.
 
That's great advice for someone who doesn't live in the real world where criminals target people and actually follow them around just waiting for the right moment. The "simplest thing" would be measures like scrambling the keypad so that a numeric passcode can't be guessed so easily, but Apple refuses to even acknowledge the issue.
 
You need to always be vigilant about entering your device passcode in public.
 
Definitely, but you might only need to be distracted for a brief moment.

My iPhone recently decided it wanted my PIN to let me access the Apple Wallet (just when I was about to scan an electronic boarding pass at an airport gate). I swore (under my breath) but, fortunately, it wasn't too busy. So, I stepped aside, held my iPhone to my chest and entered the PIN when I was holding my iPhone under my jacket. I also entered what looked like 9 digits by moving my finger over some numbers and not pressing them. (Nothing like looking suspicious at an airport.) Sounds paranoid but regrettably it's necessary!
 
Absolutely, and it’s only going to get more and more important as passkeys become more prevalent.
 