Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Stolen iPhone - Criminals have full control and Apple cannot help!

M

Mike Boreham

macrumors 68040
Aug 10, 2006
3,914
1,896
UK
citivolus said:
Unfortunately this is not correct. I updated my wife's phone to iOS 17.0.1 which now has a Recovery Key set and confirmed the bug still exists. Here are the steps I took to be able to reset the Apple ID password with just the iPhone Passcode:
  1. Go to Settings -> Screen Time -> Change Screen Time Passcode -> Change Screen Time Passcode and Tap Forgot Passcode?
  2. Enter your Apple ID and tap OK in the top right corner
  3. Tap Forgot Apple ID or Password?
  4. A screen will appear which allows you to enter the iPhone Passcode
  5. Success :(
Click to expand...
Unfortunately you are right. :(. Apologies to those I have misled.

There is a small but obviously important difference in your steps and mine.

The steps I followed in thief mode were:

  • Go to Settings -> Screen Time -> Change Screen Time Passcode -> Change Screen Time Passcode and Tap Forgot Passcode?
  • Entered Apple ID
  • Tap Forgot Apple ID or Password?
  • A screen appeared asking for Apple ID or phone number
  • After supplying one of these I was asked for 28 digit Recovery Key.
Spot the difference? I did not "tap OK" at second step. If this is done, as @citivolus did, you are asked for phone passcode, not 28 digit Recovery Key.
 
Last edited:
  • Like
  • Love
Reactions: Fluttershy462, fzJNotIBOxgnbqejSeVCvJScL and KaliYoni
dumastudetto

dumastudetto

macrumors 603
Aug 28, 2013
5,531
8,309
Los Angeles, USA
Set a long alphanumeric password you can manage to remember.

You will have to enter it every day or three, but never in public unless it's an absolute emergency (scrolling through your Instagram feed is not an emergency, even if it feels like it to you).

If you do have to enter your passcode in public, shield as best you can, and consider that passcode is compromised and will require you to create a radically new one as soon as you can do it privately. This hassle will hopefully genuinely limit your passcode entering to absolute emergencies.

iPhones are built for privacy and absolute security if you exercise a little common sense.
 
C

citivolus

macrumors 65816
Sep 19, 2008
1,218
269
citivolus said:
Unfortunately this is not correct. I updated my wife's phone to iOS 17.0.1 which now has a Recovery Key set and confirmed the bug still exists. Here are the steps I took to be able to reset the Apple ID password with just the iPhone Passcode:
  1. Go to Settings -> Screen Time -> Change Screen Time Passcode -> Change Screen Time Passcode and Tap Forgot Passcode?
  2. Enter your Apple ID and tap OK in the top right corner
  3. Tap Forgot Apple ID or Password?
  4. A screen will appear which allows you to enter the iPhone Passcode
  5. Success :(
For the life of me I can't understand why Apple has not fixed this bug in iOS 17 given the amount of press it has already received.
Click to expand...
Thankfully this appears to finally be fixed in iOS 17.1!!! It was just released today and I tried the same steps as above.

At Step 4, a screen appears asking to confirm the phone number instead of the iPhone Passcode. Even if a thief were to enter the correct phone number for your device, it ends with a notice to check one of your other Trusted Devices. Hopefully the thief wouldn't also have another of your devices and would not be able to proceed with locking you out of your Apple ID :)
 

Attachments

  • IMG_2051.jpeg
    IMG_2051.jpeg
    101.1 KB · Views: 81
Last edited:
F

fzJNotIBOxgnbqejSeVCvJScL

macrumors regular
Jun 16, 2021
116
49
citivolus said:
Thankfully this appears to finally be fixed in iOS 17.1!!! It was just released today and I tried the same steps as above.

At Step 4, a screen appears asking to confirm the phone number instead of the iPhone Passcode. Even if a thief were to enter the correct phone number for your device, it ends with a notice to check one of your other Trusted Devices. Hopefully the thief wouldn't also have another of your devices and would not be able to proceed with locking you out of your Apple ID :)
Click to expand...
Thank you for your test. But what if I don't have a second Apple device? In my opinion, the best thing would have been if Apple asked for the recovery key.
 
M

Mike Boreham

macrumors 68040
Aug 10, 2006
3,914
1,896
UK
citivolus said:
Thankfully this appears to finally be fixed in iOS 17.1!!! It was just released today and I tried the same steps as above.

At Step 4, a screen appears asking to confirm the phone number instead of the iPhone Passcode. Even if a thief were to enter the correct phone number for your device, it ends with a notice to check one of your other Trusted Devices. Hopefully the thief wouldn't also have another of your devices and would not be able to proceed with locking you out of your Apple ID :)
Click to expand...
@citivolus When you posted this I clicked "like" but didn't get round to testing on my phones.

I just did and find nothing has changed for me. I can still change Apple ID password with just the phone passcode as before, using the exact steps in your post 794 :(
 
Last edited:
  • Like
Reactions: fzJNotIBOxgnbqejSeVCvJScL
C

citivolus

macrumors 65816
Sep 19, 2008
1,218
269
Mike Boreham said:
@citivolus When you posted this I clicked "like" but didn't get round to testing on my phones.

I just did and find nothing has changed for me. I can still change Apple ID password with just the phone passcode as before, using the exact steps in your post 794 :(
Click to expand...
Here's what I did:
  1. Buy new iPhone 15 Pro Max
  2. Restore iPhone 15 Pro Max from backup of my iPhone 13 Pro
  3. Update both phones to iOS 17.1
  4. Execute the steps in post 794 on each phone
  5. Results:
    1. at the last step, iPhone 15 Pro Max brings up a "Forgot Password?" screen - BUG FIXED! (as reported in post #807)
    2. at the last step, iPhone 13 Pro brings up the old "Enter iPhone Passcode" screen to reset the Apple ID password - BUG NOT FIXED!
  6. Both phones have identical data and are using the same Apple ID. I have no idea why the behavior is different, other than the model of iPhone. Could the hardware model be part of the solution? I don't know but I guess it's fair to say that the bug is still NOT FIXED and I give up 😔
 

Attachments

  • IMG_2061.PNG
    IMG_2061.PNG
    205.7 KB · Views: 64
  • 4. IMG_1374.PNG
    4. IMG_1374.PNG
    117.5 KB · Views: 59
  • Like
Reactions: fzJNotIBOxgnbqejSeVCvJScL
M

Mike Boreham

macrumors 68040
Aug 10, 2006
3,914
1,896
UK
citivolus said:
Here's what I did:
  1. Buy new iPhone 15 Pro Max
  2. Restore iPhone 15 Pro Max from backup of my iPhone 13 Pro
  3. Update both phones to iOS 17.1
  4. Execute the steps in post 794 on each phone
  5. Results:
    1. at the last step, iPhone 15 Pro Max brings up a "Forgot Password?" screen - BUG FIXED! (as reported in post #807)
    2. at the last step, iPhone 13 Pro brings up the old "Enter iPhone Passcode" screen to reset the Apple ID password - BUG NOT FIXED!
  6. Both phones have identical data and are using the same Apple ID. I have no idea why the behavior is different, other than the model of iPhone. Could the hardware model be part of the solution? I don't know but I guess it's fair to say that the bug is still NOT FIXED and I give up 😔
Click to expand...
My main phone is a iPhone 13 Pro Max. I guess it's possible the iPhone 15 behaves differently, but surprising.
 
O

OSXphoto

macrumors 6502
Dec 23, 2013
273
89
It appears as though Apple has listened to customers this round and built new layers of security into iOS 17.3.

What would really be neat is if Apple could enable affected users to wipe their stolen phone remotely, which should be possible now that the thief will be unable to reset the icloud password.
 
Last edited:
Sebski

Sebski

macrumors member
Oct 8, 2016
86
56
UK
OSXphoto said:
It appears as though Apple has listened to customers this round and built new layers of security into iOS 17.3.

What would really be neat is if Apple could enable affected users to wipe their stolen phone remotely, which should be possible now that the thief will be unable to reset the icloud password.
Click to expand...

You can erase any Apple device remotely from iCloud.com and Find Devices. That option has been there for a long time.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom