iPhone still not theft proof

[lordofthereef]

I've read of people offering services to remove iCloud locks online. They claim they can do it in person and bring it to them. This is one of those Facebook online yard sale pages where dubious stuff gets sold all the time. I'm unfamiliar with what is done (if it's even possible) beyond that. I've tried looking it up, for curiosity sake, and haven't been very successful beyond finding certain apparent exploits in specific iOS releases.

 

[laudern]

What was the pin on the phone?

 

[noobinator]

You either had an easy to guess PIN or they found your email somehow and you had an easy to guess PW. This stuff isn't easily hackable.

 

[Jtludwig]

Did you receive any messages claiming to be from Apple? I've heard of that scam quite frequently on the forums here lately. Theif gets the phone number from the phones SIM and sends an iMessage telling a user their phone was found and to login through a fake website to track it.

I bet this is what happened. There was another thread on here with the same complaint and this is exactly what happened.

 

[docc]

I bet this is what happened. There was another thread on here with the same complaint and this is exactly what happened.

I did receive a message but am aware of the scam so didn't fall for it.

None of my friends know my pass code so I really can't understand how someone was able to unlock it.

I was told that the only way an ios device would be taken off my list on icloud is if it was reactivated as a new device by someone else. I'm assuming that's what has happened as I'm not seeing it on my list anywhere.

Really disappointing that even after so much of improvement in security people can still easily reactivate a stolen device.

 

[maflynn]

Nothing is fool proof, but the security features Apple employs is a very good implementation. There's also some personal responsibility, if you have a simple 1234 password, it really won't be that good.

We hear occasionally the worst passwords being used for computers and I'm surprised so many people are still using passwords like "password" or 12345 etc, etc. OP, I'm not blaming you, just making a point that its a two part relationship. Apple security and also personal responsibility.

 

[docc]

Nothing is fool proof, but the security features Apple employs is a very good implementation. There's also some personal responsibility, if you have a simple 1234 password, it really won't be that good.

We hear occasionally the worst passwords being used for computers and I'm surprised so many people are still using passwords like "password" or 12345 etc, etc. OP, I'm not blaming you, just making a point that its a two part relationship. Apple security and also personal responsibility.

I had a complex 6 digit pass code apart from the fingerprint lock.

 

[silvetti]

Its likely that the thief was near/around you and saw you enter the pin into the phone. I see this on the train/subway daily. That is all one would need to enter and wipe the phone.

If he has find my phone activated the thief needs iCloud password.

 

[docc]

If he has find my phone activated the thief needs iCloud password.

Correct. And the only time I am required to type in a pass code is after I restart the phone. So, the idea that the thief must have seen me input the pass code is extremely unlikely.

 

[willmtaylor]

There are only 2 possibilities here:

1. There is some sort of previously unknown hack/security bypass out in the wild currently being utilized on your phone.
2. You aren't telling us the whole story (whether that be intentional or not).

I can tell you that from my experience on MRF over the past 7 years or so, it's probably #2.

Either way, as has already been said, you need to head to an Apple Store.

 

[docc]

There are only 2 possibilities here:

1. There is some sort of previously unknown hack/security bypass out in the wild currently being utilized on your phone.
2. You aren't telling us the whole story (whether that be intentional or not).

I can tell you that from my experience on MRF over the past 7 years or so, it's probably #2.

Either way, as has already been said, you need to head to an Apple Store.

Thank you for your input.

Not sure what you're accusing me of but that's quite presumptuous.

 

[I7guy]

Thank you for your input.

Not sure what you're accusing me of but that's quite presumptuous.

Either you were phished/scammed/social engineered in such a way access was granted to your accounts or someone found a way to bypass and reset the activation/icloud lock.

 

[Max(IT)]

Thank you for your input.

Not sure what you're accusing me of but that's quite presumptuous.

I don't think he's accusing you of anything, but even FBI can't unlock an iPhone easily (as you probably know) so it's very unlikely a common thief did it...
You did something wrong (unintentionally) or the thief is someone you actually know.

 

[docc]

I don't think he's accusing you of anything, but even FBI can't unlock an iPhone easily (as you probably know) so it's very unlikely a common thief did it...
You did something wrong (unintentionally) or the thief is someone you actually know.

Possibly.

Just wondering if there was anything else I could have done to avoid the account being accessed.

 

[joe-h2o]

Is your iCloud password secure? Do you have 2FA on your Apple ID? Is the email account that your Apple ID is linked to also secure?

The only way that you can remove the phone from iCloud is knowing that information, so even if the thief knows your passcode all he can do is unlock the phone. Removing it requires logging into iCloud, unless there is some unknown exploit in the wild that allows thieves to do it.

The alternative is that your phone has been stripped for parts and the thief has put in a "clean" logic board from another phone (perhaps one with a smashed screen), but that wouldn't explain the removal of your phone's IMEI from iCloud.

You have an information leak somewhere, or Apple does, since you did everything properly to lock out the phone when it was stolen, unless it was somehow removed from iCloud before you managed to send the lost mode command to it.

 

[Max(IT)]

Possibly.

Just wondering if there was anything else I could have done to avoid the account being accessed.

All this fuss about FBI vs Apple make me think it's highly unlikely something like that exists, especially if your iPhone was running iOS 9...

 

[Applejuiced]

There are only 2 possibilities here:

1. There is some sort of previously unknown hack/security bypass out in the wild currently being utilized on your phone.
2. You aren't telling us the whole story (whether that be intentional or not).

I can tell you that from my experience on MRF over the past 7 years or so, it's probably #2.

Either way, as has already been said, you need to head to an Apple Store.

Correct.
None of this makes any sense and its not the way icloud activation lock works.
Unless when you were logging in to try to track it you accidentally removed it yourself from your icloud account.

 

[Newjackboy]

Not in Settings, but they can in Safari, so they can be viewed in Settings - Safari - Passwords if you have the passcode

To me, this is the number 1 major security risk on an iPhone.

If you happen to grab and get someone's 4 digit pin, and they've used password auto fill, you can get into all their accounts, including gmails, banking sites. Everything. It's way too easy and Apple should restrict access to viewing all safari passwords. At the very least, also require the input of your Apple ID password to see the safari saved passwords.

 

[willmtaylor]

Thank you for your input.

Not sure what you're accusing me of but that's quite presumptuous.

You bet.

I'm not "accusing" you of anything (and that's not what "presumptuous" means. If I took the time to define "presumptuous" in a demeaning tone and in order to derail the thread, that would be presumptuous.)

I was stating my hypothesis based on my observations during 7 years in these forums. (Many) More times than not, someone posts a story/situation with an outrageous thread title, and later on--usually 3 or 4 pages deep in the thread--it's discovered that the OP was either purposefully withholding information OR that the OP mistaken.

I wish you the best of luck and I'm sorry you're going through this, but the likelihood that there's some unknown security vulnerability being utilized here, while possible, is extremely improbable.

 

[L T]

You can have all this protection but if they turn it off, remove the sim, put it on airplane mode then you have no way of tracking it.

Would be good if Apple brought in Touch ID/Passcode to be able to turn it off, or to 'lock' the sim tray

 

[Applejuiced]

It's not a LoJack solution. It's a theft deterrent. Not to track down the thief yourself and recover the stolen item.

 

[I7guy]

To me, this is the number 1 major security risk on an iPhone.

If you happen to grab and get someone's 4 digit pin, and they've used password auto fill, you can get into all their accounts, including gmails, banking sites. Everything. It's way too easy and Apple should restrict access to viewing all safari passwords. At the very least, also require the input of your Apple ID password to see the safari saved passwords.

In 9.3 if you try to open safari passwords, doesn't it ask you for the password or touch id? It does on my 6s.

You can have all this protection but if they turn it off, remove the sim, put it on airplane mode then you have no way of tracking it.

Would be good if Apple brought in Touch ID/Passcode to be able to turn it off, or to 'lock' the sim tray

My phone is locked down, not to say it can be hacked but:
1. no notifications on lock screen
2. siri disabled on lock screen
3. different sim passocode than the standard
4. control center disabled on lock screen
5. erase after 10 unsuccessful tries

So sure, doesn't make my phone hackproof, but if someone walks off with whilst locked they can turn it off and that be it. The sim can be removed. May never get it back but everything is all backed up on itunes regularly and hopefully my digital life is not compromised.

 

[CBR900RR]

Can the thief toast it in a microwave oven, take it to apple store for warranty exchange, it is a 6s plus, it should be less than 6 months old, apple recycle it and remove it from icloud.

 

[C DM]

Can the thief toast it in a microwave oven, take it to apple store for warranty exchange, it is a 6s plus, it should be less than 6 months old, apple recycle it and remove it from icloud.

It would still be activation locked though, right?

 

[cynics]

If you can get the passcode somehow then you can goto setting > safari > passwords.

Then intentionally fail the touchid to enter the passcode again.

Then look under Apple.com and/or iCloud.com. There is a good chance you'll find the appleid and password. You can also find credit card and bank logins in that area too.

This isn't a flaw per say however I wish "passwords" we're behind the separate restrictions passcode.