Security Hole in "Find My iPhone"

Discussion in 'iOS 7' started by Chazz08, Nov 14, 2013.

  1. Chazz08 macrumors 6502

    Joined:
    Dec 4, 2012
    #1
    I just realized this recently, since I lost my iPhone. I might need a little clarification, though. Maybe it's alright.

    When you put your phone in lost mode or make the sound go off, if someone finds your phone, they could simply turn off the wifi and cellular from the lock screen, effectively disabling "Find My iPhone". They could make the airplane mode button un-touchable when the phone is locked. I guess that could be a fix.
     
  2. PNutts macrumors 601

    PNutts

    Joined:
    Jul 24, 2008
    Location:
    Pacific Northwest, US
    #2
    The suggestion work-around for this issue is to disable Control Center from the lock screen.
     
  3. SA Spyder macrumors regular

    Joined:
    Oct 15, 2012
    #3
    Doesn't matter, the phone to them is paperweight without your Apple ID password. The next time the phone even sniffs internet, it'd lock itself permanently (until your Apple ID password is provided to the phone) so make sure your password is a good one and you don't type it in in clear view of anyone.
     
  4. Chazz08 thread starter macrumors 6502

    Joined:
    Dec 4, 2012
    #4
    I kindly disagree. All they'd have to do is plug it into a computer and restore it, unless they way to do that's been changed. Before I could do that without my Apple ID.

    ----------

    Didn't think of that, but sometimes I actually use control center from the lock screen. If they would let us add what's on the lock screen, that would be nice too. Hmmmmm. I guess until they change it up, if they are even going to, I'll have to do that. I'd rather not chance someone being able to steal my phone.

    ----------

    Maybe the better thing to do would be to disable that feature when "Lost Mode" is enabled. And maybe disabling the power off switch too. I'd also like to see the Find My iPhone link to the serial number instead, or something of that nature, in case they are able to wipe the phone before you get to it.
     
  5. Jburnette87, Nov 14, 2013
    Last edited by a moderator: Nov 14, 2013

    Jburnette87 macrumors member

    Jburnette87

    Joined:
    Mar 18, 2012
    Location:
    Poplar Bluff, MO
    #5
    But if its on io7, it will restore but they wont be able to bypass activation until they enter the original owners apple id and pw.
     
  6. PNutts macrumors 601

    PNutts

    Joined:
    Jul 24, 2008
    Location:
    Pacific Northwest, US
    #6
    I agree. I have Control Center turned off on both the lock screen (for that reason) and apps (because of conflicts with apps that also swipe up from the bottom). I would prefer to use it in both those places. Touch ID somewhat minimizes the impact because it's easy to unlock but I really want to be able to just swipe and turn on the flashlight.
     
  7. Bathplug macrumors 6502a

    Joined:
    Jul 12, 2010
    #7
    New with ios 7. When you turn on find my iphone it enables activation lock. The thief can't do anything with a stolen phone. Your apple i.d is required to turn off find my iphone, erase the device and to reactivate it.
     
  8. Chazz08, Nov 14, 2013
    Last edited by a moderator: Nov 14, 2013

    Chazz08 thread starter macrumors 6502

    Joined:
    Dec 4, 2012
    #8
    Ahhhhhh. I didn't think of that. Even if they wipe it? That would be good news for my friend. (We had some bad luck one day....we are in the Middle East and both left our phones in two different taxis, but his is locked to AT&T. Mine was on the local network and we tracked it.) So even if they wipe his phone and reinstall iOS 7, they'd need his Apple ID?
     
  9. pittpanthersfan macrumors 6502

    pittpanthersfan

    Joined:
    Jun 7, 2009
    #9
    It has.
     
  10. Chazz08 thread starter macrumors 6502

    Joined:
    Dec 4, 2012
    #10
    Ok. That would make my friend's situation more complicated since it's not connected to internet here. Bummer.
     
  11. SA Spyder macrumors regular

    Joined:
    Oct 15, 2012
    #11
    Yep. iOS 7 and Find my iPhone have practically destroyed the "stolen iPhones" market.
     
  12. Bathplug macrumors 6502a

    Joined:
    Jul 12, 2010
    #12
    I believe you can connect the phone to iTunes and enter the apple i.d and password.
     
  13. Chazz08 thread starter macrumors 6502

    Joined:
    Dec 4, 2012
    #13
    Sorry, I mean his is still lost, but since it's not connected to the internet, it won't be able to be put into lost mode. Unless Apple made it to where it would still be contacted from the Find My iPhone app after it's wiped and restored.

    ----------

    That's pretty awesome actually. I just hope that it would still contact his phone after it's wiped and restored since it can't connect to the internet right now. If I recall correctly, though, it asks to connect to wifi before the Apple ID on a new setup, so hopefully once they connect it will lock it down. That would be awesome!
     
  14. Black Magic macrumors 68000

    Black Magic

    Joined:
    Sep 30, 2012
    #14
    You keep missing the point. It can't be wiped and restored if they don't know the original owners apple id PW.
     
  15. Chazz08 thread starter macrumors 6502

    Joined:
    Dec 4, 2012
    #15
    Ummmm...yeah it can. I've done it even with iOS 7 on my own phone. You don't get the point I'm saying. It's not connected to the internet at all. It can't be put into lost mode.
     
  16. Bathplug macrumors 6502a

    Joined:
    Jul 12, 2010
    #16
    Well does it have a password? Either way its still a paper weight to anyone else.
     
  17. PNutts macrumors 601

    PNutts

    Joined:
    Jul 24, 2008
    Location:
    Pacific Northwest, US
    #17
    Depending on his frame of mind he can go ahead and put it in Lost Mode or send it a remote wipe for if / when the phone connects to a network. It might turn up or someone catches a case of remorse. Hope he gets it back.
     
  18. ScottW1 macrumors regular

    Joined:
    Aug 27, 2010
    #18
    Actually, you can "wipe" it and you can "restore" it. You just can't "Activate" it, assuming "Find my iPhone" was turned on.

    Using DFU mode, the device can be wiped and a fresh copy of iOS7 can be restored with iTunes. That will get it to the "Hello" screen. But before it can do anything useful, it has to be activated. That is where iOS7 "activation lock" comes into play, as Apple's servers still know the iPhone was associated to a particular AppleID with FindMyIphone active, and will not activate the iPhone until that AppleID and Password are entered. End of Story.

    Unable to be Activated, the phone is primarily useful for parts or as a pretty paperweight.
     
  19. Chazz08 thread starter macrumors 6502

    Joined:
    Dec 4, 2012
    #19
    Now that's what I was getting at! :) That's what I was saying I was hoping would happen. So as long as Apple's servers know, then they still can't do anything. AWESOME! Apple thought of it all before me. haha. Of course they would!

    ----------

    He went ahead and tried the lost mode and sent a message to it. We weren't sure it would ever go through since it wasn't on the internet. Seems from some other people's posts, it will even if it's wiped and restored. So that's good to know. :) He put my number to call since I'll be in the country for 6 more months. He leaves tomorrow though. So hopefully someone decides to call!
     
  20. C DM macrumors Westmere

    Joined:
    Oct 17, 2011
    #20
    Yup, Activation Lock will take care of it if they wipe the phone and try to use it after that.

    As for disabling Airplane Mode from Control Center on the lock screen and all that, it can be helpful, but since there are still simpler ways to stop the phone from communicating with anything, like simply pulling the SIM card and/or powering off and/or putting it in a metal box or some place with no reception, it wouldn't really help as much.
     

Share This Page