iPhone with 2-factor and Lost mode stolen and thieves remove iCloud :-(

Discussion in 'iPhone' started by imactor, Sep 22, 2017.

  1. imactor macrumors newbie

    imactor

    Joined:
    Dec 16, 2008
    Location:
    Santiago, Chile
    #1
    hi,
    The iPhone of a friend of mine was stolen a few days ago. She told me that FMI was activated with 2-factor. 15 minutes after the incident we turned on “Lost mode”.
    It turned out that the thieves were able to change her iCloud password and remove the iPhone from FMI.
    How do they did it?
    For the record: she NEVER recieved or opened a phishing email o sms.
    She has an iCloud account with Gmail.

    I’m trying to reproduce how they did this. Any ideas?

    Thanks
     
  2. noobinator macrumors 603

    noobinator

    Joined:
    Jun 19, 2009
    Location:
    Pasadena, CA
  3. Shirasaki macrumors G3

    Shirasaki

    Joined:
    May 16, 2015
    #3
    Does she only have one trusted device and SMS, both are her iPhone?
     
  4. Jesla macrumors 6502a

    Jesla

    Joined:
    Jan 7, 2013
    Location:
    Tennessee USA
  5. bufffilm Suspended

    bufffilm

    Joined:
    May 3, 2011
    #5
    Obviously, they guessed or obtained her password.
     
  6. imactor thread starter macrumors newbie

    imactor

    Joined:
    Dec 16, 2008
    Location:
    Santiago, Chile
    #6
    Yes
    --- Post Merged, Sep 22, 2017 ---
    Gmail also had 2-factor
     
  7. noobinator macrumors 603

    noobinator

    Joined:
    Jun 19, 2009
    Location:
    Pasadena, CA
    #7
    The only logical explanation based on the facts presented is Magic was involved.
     
  8. bufffilm Suspended

    bufffilm

    Joined:
    May 3, 2011
    #8
    1. Is she positive 2FA was enabled?

    2. What timeout settings were set on the phone when it was stolen?
     
  9. imactor thread starter macrumors newbie

    imactor

    Joined:
    Dec 16, 2008
    Location:
    Santiago, Chile
    #9
    Hahahaha
    --- Post Merged, Sep 22, 2017 ---
    Yes! The gmail password was changed also. But how can they know the address?

    The phone had Touch ID (and 6 digit code).

    iPhone 7 btw.
     
  10. Tomloes macrumors member

    Joined:
    Apr 21, 2015
    #10

    Saw this thread in the Ios11 forum https://forums.macrumors.com/threads/ios-11-security-concern.2070636/

    If they had her passcode, they might have used this bug/feature to change her icloud password.
     

Share This Page

9 September 22, 2017