Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Bypass Stolen device protection (Beta)
- Thread starter P_Watt
- Start date
- Sort by reaction score
According to this article, Erase all content and settings is one of the features that is protected by biometrics.
512pixels.net
Stolen Device Protection Coming with iOS 17.3 — 512 Pixels
Earlier this year, Joanna Stern and Nicole Nguyen did some excellent reporting about how easy it is for someone to own your Apple ID if they steal your iPhone. Apple has responded with a new feature that has popped up in today’s beta of iOS 17.3. Michael Potuck has details at 9to5Mac: Apple has...
512pixels.net
I had my thumb over the camerasAccording to this article, Erase all content and settings is one of the features that is protected by biometrics.
Stolen Device Protection Coming with iOS 17.3 — 512 Pixels
Earlier this year, Joanna Stern and Nicole Nguyen did some excellent reporting about how easy it is for someone to own your Apple ID if they steal your iPhone. Apple has responded with a new feature that has popped up in today’s beta of iOS 17.3. Michael Potuck has details at 9to5Mac: Apple has...
Yes it says erase all content and settings, But I used reset all settings (settings, general, Transfer or reset iPhone, reset, reset all settings) don’t try it unless it’s your test phone)
When I tested it, after Reset all settings there was no passcode or face ID. Turn Wifi back on and you can add a new passcode and FaceID which can then be used to turn off the new protection. That then opens the phone fir resetting AppleID password using passcode which is the big security hole that Apple introduced a couple of years ago to save staff costs.
Still say all data is protected?
I didn't think Reset all settings would remove the passcode, but according to this site I found, it does.
macreports.com
Though it does seem like that would bypass Stolen device protection, I doubt that Apple has overlooked such a possibility. The public information about this feature won't be complete until 17.3 is released. I will guess that either biometric authentication will be required for Reset all settings, or Reset all settings will no longer remove the passcode and FaceID.
Perhaps we should move our discussion to the this existing thread:
www.macrumors.com
What does Reset All Settings Do on iPhone and iPad • macReports
The Reset All Settings option lets you reset all your preference settings. This can be a good option to try before attempting a master reset, the "Erase
macreports.com
Though it does seem like that would bypass Stolen device protection, I doubt that Apple has overlooked such a possibility. The public information about this feature won't be complete until 17.3 is released. I will guess that either biometric authentication will be required for Reset all settings, or Reset all settings will no longer remove the passcode and FaceID.
Perhaps we should move our discussion to the this existing thread:
iOS 17.3 Beta Adds New Stolen Device Protection Feature to iPhone
The first iOS 17.3 beta rolling out to developers today includes a new "Stolen Device Protection" feature that is designed to add an...
www.macrumors.com
All I can do is report it in FBA it’s up to apple to plug the gapI didn't think Reset all settings would remove the passcode, but according to this site I found, it does.
What does Reset All Settings Do on iPhone and iPad • macReports
The Reset All Settings option lets you reset all your preference settings. This can be a good option to try before attempting a master reset, the "Erase
Though it does seem like that would bypass Stolen device protection, I doubt that Apple has overlooked such a possibility. The public information about this feature won't be complete until 17.3 is released. I will guess that either biometric authentication will be required for Reset all settings, or Reset all settings will no longer remove the passcode and FaceID.
Perhaps we should move our discussion to the this existing thread:
iOS 17.3 Beta Adds New Stolen Device Protection Feature to iPhone
The first iOS 17.3 beta rolling out to developers today includes a new "Stolen Device Protection" feature that is designed to add an...
If you can get it moved please do, I posted it here in error
Please contact Apple via report on
security.apple.com
I had answer in 2-3 days, compared to Feedback app - there really works qualified people,
Not like in Feedback app - amateurs who asks for FW version when it’s already in logs and written down in report details because it was not in dropdown menu even though it was not beta version… but still I use it.
Bounty - Apple Security Research
Your security research may be eligible for a reward through the Apple Security Bounty. We welcome reports from anyone.
I had answer in 2-3 days, compared to Feedback app - there really works qualified people,
Not like in Feedback app - amateurs who asks for FW version when it’s already in logs and written down in report details because it was not in dropdown menu even though it was not beta version… but still I use it.
Last edited:
This bug seems to have been fixed in iOS17.3 beta 2
Reset all settings now mandates use of Face ID.
Reset all settings now mandates use of Face ID.
The problem with this post is that you didn’t give enough details for anyone to make anything out of this
When posting about an issue to MacRumours, give details relevant to the issue.
For example in the specific case of Stolen Device Protection:
When posting about an issue to MacRumours, give details relevant to the issue.
For example in the specific case of Stolen Device Protection:
- What did you do step by step to reset the device?
- Where were you when you did the reset? Remember that the protection doesn’t kick in “familiar locations”. Check in iOS significant locations if you did it in a familiar location.
- Could you have not seen the Face ID prompt because of the speed?
- Were you able to replicate the issue or was this a one off?
I gave more details in a later post.
Too late now. I reported it, Apple thanked me, they fixed it in beta 2.
All done.
That is incorrect as I understand it, the time delay should not be needed at familiar locations, but the biometrics are always required to do all the security access and changes in the list, wherever you are.
Last edited:
Do you know that’s not good to post details about unfixed security breach? Apple got the report luckily.
Giving scrap of details is enough to validate if someone faced it as well.
Don’t help the thieves
It’s beta software. Beta software by definition is unfinished/is expected to have bugs.Do you know that’s not good to post details about unfixed security breach? Apple got the report luckily.
Giving scrap of details is enough to validate if someone faced it as well.
Don’t help the thieves
Apple hasn’t even fully detailed yet how Stolen Device Protection works—all we have is light comms from tech websites.
In fact, beta software is likely to be less secure than an official release because of that.
If security is a concern, don’t install beta software.
Last edited:
I’ve only been an Appleseed tester for 3 years but it still amazes me that they don’t release beta versions of their knowledge base articles so that
1. we have some idea how it is supposed to work (I have reported design changes as bugs!) and
2. We can nit-pick the KBs which are not always perfect or missing on release if the iOS.
Public beta testers are given no help by Apple and the official ASC forum moderates any mention of beta (one reason I left after 10 years) so thank goodness for this forum.
I published this security hole as widely as I could because the official FBA rarely acknowledges my reports. It seems to have got through in time for beta 2.
I think the reason they don’t do KBs is because being beta, things can change quickly between betas, and Apple doesn’t likely want 5 versions of the same KBs for the beta.
There is a change log though that should capture most changes.
The beta problem is mostly for power users and a way for Apple to collect logs. I think most problems are detected through logs, and a minority through feedback.
Also, Apple definitely monitors the forums like MacRumors for issues and feedback.
