Imagine being at a bar, and you are fiddling around with your iPhone. But unbeknownst to you, a person is not far away watching you type in that four-digit code to unlock your phone. When you walk out the door to your car and SWIPE. Someone grabs your phone and runs off with it.
But that’s not all.
Since they now have your passcode, they can get into your phone and do all kinds of things such as raid your money and personal information.
Scary right? But there is a new feature that apple released that will help protect you from such a scenario.
Apple has released iOS 17.3, which features a new featured called Stolen Device Protection. It’s designed to remove some of the loopholes that some thieves have taken advantage of to lock a user out of their Apple account and raid bank accounts.
Beyond theft
There are plenty of news stories online highlighting people sealing phones from iPhone users. Some go even further as The Wall Street Journal highlighted in recent reporting. Journalist Joanna Stern interviewed a prisoner in Minnesota who confessed to crimes related to a theft ring that not only stole devices from iPhone owners but also robbed them after the phone was stolen.
There were multiple steps the confessed thief, Aaron Johnson, 26, did in his hunt for an iPhone, according to The Wall Street Journal’s reporting: Pinpoint the victim, get the passcode, lock them out, take the money, and sell the stolen phones.
After getting the phone and passcode, he would change FaceID settings. This would then allow access to passwords and banking apps that authenticate using FaceID. This allowed him to shift funds from bank or cryptocurrency accounts. Johnson said he would then go on a shopping spree with the stolen funds and accounts. When he was done with the phone, he would then sell the devices he stole.
Imagine the scenario of not only losing your phone where your whole life is on it, but your personal identity is used to scam you out of hundreds or even thousands of dollars. You also have to work hard to fix the mess that was made including filing claims with banks and credit card companies, police reports, and so forth. Also, fight with Apple to get you back into your Apple ID account. If I were in the victim’s shoes, I would be livid.
How can you protect yourself?
It’s worth discussing how Johnson and his co-conspirators accessed the phones in the first place. A little social engineering took place.
“Dimly lit and full of people, bars became his ideal location. College-age men became his ideal target. ‘They’re already drunk and don’t know what’s going on for real,’ Johnson said. Women, he said, tended to be more guarded and alert to suspicious behavior.”
The thieves gain some minimal level of trust with the victims – just enough to let the would-be thief use their iPhone. The victim would also type in the passcode in plain view of the thief. Or, worse, some would just give them the passcode.
“‘I say, ‘Hey, your phone is locked. What’s the passcode?’ They say, ‘2-3-4-5-6,’ or something. And then I just remember it,’ Johnson described. Sometimes he would record people typing their passcodes.”
At this point, it’s game over.
With that said, keep your phone guarded at all times. Also have either FaceID or TouchID enabled. This will help limit the opportunity for a thief to see the passcode being entered.
However, there still may be occasions where the iPhone will ask for a passcode. If you have to enter it, just be sure to place the phone somewhere where it cannot be seen while you type it in.
And this goes to my next point: Be aware of your surroundings. This is not only for your personal safety, but also your things – Phones, wallets, etc.
Don’t give your phone strangers (#strangerdanger).
Plus, if you are at a bar, be sure that you don’t let yourself get inebriated to the point where you cannot make clear, logical decisions. Thieves, and people with worse intentions, will take advantage of that.
But say those things fail. Things slip through the cracks, sometimes.
Before you are in an environment where this kind of theft could happen, do the following now: Download and install iOS 17.3. It was released on Monday, Jan. 22. The updated version of iOS 17 can run on iPhones XR and XS and newer as well as iPhone SE (Second Generation) and newer.
This mobile operating system update will allow you to turn on a new feature called Stolen Device Protection. With this feature enabled, according to MacRumors, biometric authentication is still needed to access passwords in the iCloud Keychain, turn off lost mode, erase content, make purchases, etc.
If a thief were to get the device, they would have to wait an hour to change the AppleID password and also need your biometrics to enable to change. The one-hour wait period also stands for changes to FindMy, the passcode, FaceID or TouchID, and more.
It’s worth noting that the waiting period is waived if you are in a trusted location such as work or home. You can see what you have listed as home or work in the FindMy app.
- Open the FindMy app.
- Tap on a device you have.
- Tap “Notify when left behind.”
- Find “Notify me, except at.”
- From the aforementioned space, you can either add a new location or remove one.
You can also see what you have set as home or work in the apple maps app.
To download the new iOS update…
- Go to Settings.
- Tap General.
- Tap Software Update.
- If the update is available, you should see options to download and install now or later.
Once that update is finished installing…
- Return to the Settings App and open it.
- Scroll down to “FaceID and Passcode” or “TouchID and Passcode,” depending on your iPhone model.
- Where you see Stolen Device Protection, tap on “Turn On Protection.”
Other tips include creating a stronger passcode for your phone. Users have the option to create alphanumeric passcodes for iPhones. Make it hard for drifting and spying eyes to catch or remember it, but make the passcode easy for you to remember. Click here for the steps on how to set up your passcode.
Also, please refrain from placing personal information (e.g. account numbers, passwords, and other personally identifiable information (PII), etc.) on the Notes app. It’s tempting, but think about what would happen if someone swiped your phone and all of that info in plain text was there. If you need to have sensitive info in notes, you can create a password for each note in the Notes app (CNET explains how). Be sure it’s not the same as the passcode on the phone; otherwise, it kinds of defeats the purpose.
It’s worth noting that nothing is foolproof. It depends on how you set your settings, what environment you are in (e.g. public, private, work, home, restaurant, etc.), and how you respond to that environment. But installing this latest update and taking precautions while in public will help reduce the risk of becoming a victim with the costly task of getting your device or data recovered and your finances repaired.