
Unregistered 4U

macrumors G4
Jul 22, 2002
10,610
8,628
Look, I agree with what you are saying, but that doesn't mean Apple shouldn't offer a better solution for these situations. Even if it is imperfect it is still better than what is there now, which is "passcode unlocks everything and there is nothing else that can be done except hide your passcode from everyone else."

All security is imperfect, but the more difficult it becomes to take over someone's account, the better. The thieves move on to easier targets.

Even if there was a 30 minute waiting period (or some configurable time limit) to reset the Apple ID password, that would give victims of theft some time to remotely lock the device.

Something - anything - would be welcome.
I agree that it would be good for there to be something for folks that are prone to showing unknown people their PIN and then allowing those unknown people to take the device that goes with that PIN. But, it’s going to be quite difficult for anyone to design around the assumption that the primary means of security (i.e. maintaining device in your possession, not providing the method of access to others) will be defeated by the user. As a result, remedies won’t be quick in coming as each addition is another set of security features that now have to be tested to ensure that they haven’t created any new vulnerabilities in that additional code.

Until then, the best knowledge anyone can give anyone regarding this is, that they should know that their passcode unlocks everything. They should hide it from everyone. And, if they share their PIN with others (i.e. multiple people use the PIN on that device), they’re increasing the likelihood that they’ll one day be exposed to a very bad and VERY painful situation.
 

adrianlondon

macrumors 603
Nov 28, 2013
5,536
8,360
Switzerland
To make changes to anything related to iCloud would require entering the Apple ID password, which of course should be different from the phone passcode.
Which security feature do you claim can be disabled with the passcode?

I am really sorry you ended up in this mess, but something here is not quite right.
Unless all of your passwords (including the one for Apple ID) are the same as your passcode, none of this should be possible.
It seems you've not read the thread. The iCloud/Apple ID password can be reset without knowing the old one once the phone is unlocked.

So, you had the banking app access code set to be the same as your phone passcode?
The banking app codes are usually resettable by either being sent an email or sms with a reset link. Once the phone is unlocked, emails and text messages are accessible without further security. As it said in the post you replied to.
 

Wando64

macrumors 68020
Jul 11, 2013
2,338
3,109
It seems you've not read the thread. The iCloud/Apple ID password can be reset without knowing the old one once the phone is unlocked.

Please tell me how.
This doesn’t seem to be possible on my phone (I’ve just tried)

EDIT:
I’ve tried again and you are absolutely correct.
Thanks

The banking app codes are usually resettable by either being sent an email or sms with a reset link.

You need to change bank.
This is not possible with any of my UK banks.
You need to go through levels of security involving passcodes, memorable words and dates, etc…
 
  • Like
Reactions: adrianlondon

adrianlondon

macrumors 603
Nov 28, 2013
5,536
8,360
Switzerland
Please tell me how.
This doesn’t seem to be possible on my phone (I’ve just tried)
Click settings.
Click the Apple ID pic at the top.
Click Password & Security
Click Change Password
Enter passcode (the phone pin)
enter new password twice

As for the banking apps, I'm just taking the OP's word. I'm not going through any reset options for my banking apps in case I get locked out :)
 
  • Like
Reactions: Wando64

Unregistered 4U

macrumors G4
Jul 22, 2002
10,610
8,628
Agreed. It's not realistic for people to never enter their passcode in public where a camera or another person can see the way things work right now.
I mean, it’s GOING to be realistic pretty soon. :) As I realized in an earlier post I made, for those folks LOOKING for this, it’s got to be dead easy for them to see someone enter their PIN, then put their phone down beside them. If I had to guess, they probably first check to see who’s sitting their phones down on the table, preferably towards the edge. At that point, they’ve only got their eyes in those few. Then, they just watch those people. If even 1 of them enters their PIN and it was seen clearly enough, YOINK gone.

I would bet they don’t even risk it if they can’t guarantee that they got the PIN clearly enough. Be patient and someone will come along, lift up their glasses, squint at the screen and very clearly tap out the PIN.
 

turbochgd

macrumors regular
Sep 9, 2022
210
490
Oh, and the screen time PIN can be reset with phone passcode, so that’s not a solution either.

From what I can see the screen time PIN can only be reset using your Apple ID & Password. Thieves shouldn’t have access to that.
 

Apple_Robert

Contributor
Sep 21, 2012
35,655
52,446
In a van down by the river
I wear my watch and it unlocks my phone for me. I also don’t unlock my phone via passcode in public. I have my phone locked down as tight as I can. If my phone gets lost or stolen, whoever has the phone won’t be able to access most of the phone. Almost all of my apps require FaceID to open.

The OP made an honest mistake and hopefully those reading will take heed and not make the same mistake.
 

OSXphoto

macrumors 6502
Dec 23, 2013
273
89
First, @danclara I really feel for you man. I have read the entire thread and I am learning from your struggles. And despite your personal dismay, can I just say how good of you to turn your own misery into a multitude of good for this community here by sharing your story and making us aware?

Second, I see many solid arguments that Apple should do more to keep us safe. However, has anyone thought of how it may not be in Apple’s interest to make it harder to change the Apple ID password?

#1 Apple support will need to spend much more time helping people that lose their Apple ID password, a service free to users but costly for the company

#2 Apple may fear bad rep from the mass group of average users who want to recover their Apple ID password if the procedure is very complicated or time consuming. Remember that nearly all in this group still have access to their iPhones and appreciate the fact that Apple ID password reset is easy. [Edit: IOW I would have low expectations for Apple acting on this anytime soon]

That said, I completely agree that Apple would do good to create a new enhanced security option buried in the settings menu somewhere so people like us here can decide to switch it on.
 
Last edited:
  • Like
Reactions: turbochgd

FreakinEurekan

macrumors 604
Sep 8, 2011
6,562
3,431
Yes, but in your example the thief has the old password. You probably were saying that Apple should have everyone set up a Master passcode and a regular passcode. The thief would have to have the master passcode and the regular passcode in order to change anything. I agree that Apple should implement this.
The trick, of course, is that SOOOOOO many people would “Forget” their Master passcode & it would be a support nightmare for Apple.
 

Howard2k

macrumors 603
Mar 10, 2016
5,699
5,648
I wear my watch and it unlocks my phone for me. I also don’t unlock my phone via passcode in public. I have my phone locked down as tight as I can. If my phone gets lost or stolen, whoever has the phone won’t be able to access most of the phone. Almost all of my apps require FaceID to open.

The OP made an honest mistake and hopefully those reading will take heed and not make the same mistake.

I use FaceID to protect my passwords, but if FaceID fails (it’s not my face) it will allow access to passwords via PIN.


I don’t let my phone remember banking passwords.
 

HarryMudd

macrumors member
Oct 7, 2021
61
85
You can reset the Apple ID password with device passcode.
I believe it used to be this way. Apple changed it so that you could reset your Apple ID password with just the passcode. It didn’t use to be that way. My understanding is that they switched it because of so many complaints that people had forgotten their password and couldn’t recover their Apple account.
 
  • Like
Reactions: MacCheetah3

danclara

macrumors member
Original poster
May 1, 2023
44
94
No but my bank allows you to re-register for online banking if you can verify email and/or SMS codes.

Monzo even let you login just via a 'magic link' received via email.

They wiped my Monzo out, but luckily I only had £6 in there. Ha.
 
  • Wow
Reactions: adrianlondon

Paddle1

macrumors 603
May 1, 2013
5,151
3,604
First, @danclara I really feel for you man. I have read the entire thread and I am learning from your struggles. And despite your personal dismay, can I just say how good of you to turn your own misery into a multitude of good for this community here by sharing your story and making us aware?

Second, I see many solid arguments that Apple should do more to keep us safe. However, has anyone thought of how it may not be in Apple’s interest to make it harder to change the Apple ID password?

#1 Apple support will need to spend much more time helping people that lose their Apple ID password, a service free to users but costly for the company

#2 Apple may fear bad rep from the mass group of average users who want to recover their Apple ID password if the procedure is very complicated or time consuming. Remember that nearly all in this group still have access to their iPhones and appreciate the fact that Apple ID password reset is easy. [Edit: IOW I would have low expectations for Apple acting on this anytime soon]

That said, I completely agree that Apple would do good to create a new enhanced security option buried in the settings menu somewhere so people like us here can decide to switch it on.
It needs to be default to discourage theft. Apple ID passwords require both capital and lowercase letters, are alphanumeric and they also heavily encourage 2 factor authentication with another device and lock certain features behind it. For additional security you're also not allowed to reuse an old iCloud password if you change it.

All of that can be bypassed with a simple 4 digit pin. Apple doesn't do a good job of making clear how powerful the passcode is. All those other so called "security measures" are rendered useless.
 
Last edited:

cdsapplefan

macrumors 6502
Feb 15, 2023
402
437
The trick, of course, is that SOOOOOO many people would “Forget” their Master passcode & it would be a support nightmare for Apple.
One thing certain is that the current passcode way is flawed and old in our current digital age, it’s definitely time for a change, maybe biometric authentication. What about touch id and security questions?
 
  • Like
Reactions: onenorth

Michaelangelo28

macrumors member
May 1, 2023
31
19
Los Angeles
I work in London and was at a restaurant/bar on Thursday. I use FaceID and have a 6 digit pin. During the night my FaceID must have failed at some point.

My phone went missing from my pocket and I realised within 5 mins. I was very suspicious. I instantly went on my friend's phone and attempted to login to my icloud. My password did not work.

Long story short from here but it had been stolen and the thieves had my passcode. They locked me out within minutes. There is a massive security flaw that allows this to happen.

I am reasonably cyber security aware (or so I thought). I had two step authentication set up on iCloud. I used my wife's number for this, thinking that makes things way more secure. It does not.

Apple allowed the thief to lock me out and change my password for icloud.

They have had full control of my phone and data for 5 days now. I can't disable my account and I can't login.

I am stuck in a recovery loop. 1 day later I had a new sim with my phone number. I can verify the code for this and also my wife's number. I verify the code sent to my email that I have regained control of.

Final request was for me to enter my bank card in full. I did this originally but I have had to cancel all cards as the thieves used my Apple pay to buy £1000s in Apple products!

I have visited an Apple store with my passport but absolutely nothing helps me. The power is with the criminals and I cannot stop them.

I waited 72 hours for recovery but then heard nothing. No sms or email.

I was told to try recovery again but it has gone back to where I was 5 days ago.

Meanwhile the criminals are using my WhatsApp to extort money from my contacts (1000+ of them) pretending to be me needing money. I have found out 4 have sent money and it could be a lot more.


I am powerless to stop this.

Does anyone know why my recovery is failing despite having all the information Apple asked me for?

Are the criminals with my device able to block my request from the device?

I haven't slept in 5 days with worry. They also sent threatening messages from my phone to my wife, with photos of my children.

Still Apple will do nothing to help. It is sickening.
My sister from London also filed a case because her phone got snatched too. Unfortunately the police don't accept the evidence that they can track it and have found where it is :(
 

arc of the universe

macrumors 6502
Jan 11, 2023
295
365
Here's how Apple should fix it
  1. Allow us to prevent icloud password changes on device without current password.
  2. Absolutely NO changes in the Password & Security without the icloud password
  3. Restrict keychain access with icloud password or face id only
  4. If icloud account recovery is needed, ability to set a waiting period or allow to bypass with a recovery key or secondary trusted phone number
Yes.
Elegant, and simple.
A simple toggle, that users can decide to use or not, to prevent changes to the iCloud password if the current password is not entered first.
Gaining access to the device is one thing. Causing havoc to your entire on-line presence is a different level.
Making it opt-in leaves the ability for Apple to still market and sell iPhones to hundreds of millions of users who prefer less involved ways to change an iCloud password that has been forgotten.
 
Last edited:
  • Like
Reactions: cra19j

Tdude96

macrumors 6502
Oct 16, 2021
462
717
First of all, I'm very sorry this happened to you. Thank-you for raising the issue again, as it's clearly something people need to keep in mind.

As others have mentioned, this security flaw is almost certainly by design.

The simple fact is, many many many more people are going to forget their iCloud password than are going to have their phones screenhacked and then stolen. Getting all the iCloud password changes/verifications/recoveries done is bound to be far more time consuming and problematic and lead to more customer complaints for Apple than doing it for the relatively small subset of people whose phones were stolen. In the interest of faster and more reliable customer service, it makes far more sense for Apple to have an easy way to reset the iCloud password when it's forgotten.

I think the first takeaway message here should be to secure devices with as long and complex of a passcode/passphrase as you can reliably remember. Just in case you have to enter it publicly. If someone's looking over your shoulder, there's a limit to how much they can memorize. If it's too complicated to memorize quickly, they'll choose an easier target. And every device should be secured with a unique passcode/passphrase. We're not generally talking about sophisticated criminals here who have hacked into CCTV and are looking at high-res slow-mo closeups where they can see every keystroke you make. In a case like this they're looking for quick and easy.

That said, it seems like there should be a relatively easy way for Apple to address this scenario. For example, giving users an option to secure their iCloud password & account recovery options with a 2nd PIN that (should) not match any device PIN or passcode. Since the only reason to enter this PIN would be when messing with account settings, it shouldn't be as susceptible to screenhacking. For what it's worth, this should fail out after a certain number of tries, and eventually be able to reset using just the device passcode or passphrase. But put it on a 72 hour timer so if the device passcode was compromised, the account owner has time to lock out and erase the device if it was stolen. Another, and probably more secure, way would be to require FaceID or TouchID rather than a 2nd PIN - again with the timeout.

And yes, I'm ignoring the scenario raised in a few posts about violent means being used to extract personal data like passcodes, passphrases, and PINs and even FaceID or TouchID. First, it's an outlying scenario. Second, if someone is threatening or actively perpetrating harm upon you and you have no reasonable means to fight back without risk to yourself, in the vast majority of situations the best thing to do is give them what they want, walk away as intact as possible, and try to put the pieces back together later as best you can.

I'm further ignoring social engineering attacks. Short of requiring multi-factor authentication with a separate physical device for account changes (something most people aren't going to do) there's very little Apple could do to protect people who willingly volunteer private information.
 
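The second-PIN-plus-timeout design sketched in the post above, together with the configurable waiting period suggested earlier in the thread, as an added Python model that is not Apple's code nor anything posted by the thread's participants. The recovery PIN, the five-try limit, the 72-hour delay and the sample passcodes are assumptions chosen to match the post's own numbers; "today's" behaviour is the passcode-only reset described throughout the thread.

```python
from dataclasses import dataclass
from typing import Optional

HOURS = 3600


@dataclass
class Account:
    """Toy model of one Apple ID and the device whose passcode can reset it."""
    device_passcode: str
    recovery_pin: str                 # hypothetical second PIN for account changes
    delayed_reset: bool = True        # False reproduces today's behaviour
    reset_delay_s: int = 72 * HOURS   # hypothetical waiting period from the thread
    max_pin_tries: int = 5            # hypothetical attempt limit
    pin_failures: int = 0
    pending_reset_at: Optional[int] = None  # when a passcode-only reset unlocks
    remotely_locked: bool = False
    password_changed: bool = False

    def request_reset(self, passcode: str, pin: str, now: int) -> str:
        """Try to change the account password from the unlocked device."""
        if self.remotely_locked:
            return "locked"
        if passcode != self.device_passcode:
            return "denied"
        if not self.delayed_reset:
            self.password_changed = True      # today: the passcode alone suffices
            return "changed"
        if pin == self.recovery_pin:
            self.password_changed = True      # second factor known: change at once
            return "changed"
        self.pin_failures += 1
        if self.pin_failures < self.max_pin_tries:
            return "denied"
        # PIN attempts exhausted: fall back to a passcode-only reset, but only
        # after the delay, which gives the real owner time to react.
        if self.pending_reset_at is None:
            self.pending_reset_at = now + self.reset_delay_s
        return "pending"

    def complete_reset(self, now: int) -> str:
        """Whoever holds the device returns after the delay to finish the fallback reset."""
        if self.remotely_locked or self.pending_reset_at is None:
            return "denied"
        if now < self.pending_reset_at:
            return "pending"
        self.password_changed = True
        return "changed"

    def remote_lock(self) -> None:
        """Owner marks the device lost from another device; cancels a pending reset."""
        self.remotely_locked = True
        self.pending_reset_at = None


def thief_scenario(delayed: bool, owner_notices: bool = True) -> dict:
    """Shoulder-surfed passcode, unknown recovery PIN, owner may react within hours."""
    acct = Account("123456", "8274", delayed_reset=delayed)   # constructed values
    results = [acct.request_reset("123456", "0000", now=0)]
    for minute in range(1, acct.max_pin_tries):               # keep guessing the PIN
        results.append(acct.request_reset("123456", "0000", now=minute * 60))
    if owner_notices:
        acct.remote_lock()                                    # lost-mode lock from a friend's phone
    later = acct.complete_reset(now=73 * HOURS)
    return {"first_try": results[0], "last_try": results[-1],
            "after_delay": later, "password_changed": acct.password_changed}
```

Running `thief_scenario(True, owner_notices=False)` shows the limit of the design: if the owner never locks the device, the passcode-only fallback still goes through once the delay has elapsed.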

jaytv111

macrumors 65816
Oct 25, 2007
1,028
874
I believe it used to be this way. Apple changed it so that you could reset your Apple ID password with just the passcode. It didn’t used to be that way. My understanding is that they switched it because of so many complaints that people had forgotten their password and couldn’t recover their Apple account.
Apple used to (still does) let you reset your password with SMS, so if you had the phone passcode in the past it would be trivial to get the password reset, you just had a different method but you still used the phone passcode to get in. In fact the security is worse for SMS; use a SIM card with no SIM PIN and it’s game over with or without passcode (many people just take the default and set no SIM PIN). That’s why OP (if he’s lucky) can reset with SMS but they have a timeout period. The passcode method is much more direct and secure, but the downside is now criminals are getting more patient. I couldn’t imagine hanging around a bar all night just to get a glance at someone putting a passcode in and then you also have to steal the phone. But it happens I guess. Oh yeah, also longer PINs should help tremendously, 4 digits are trivial to remember, 6 is kinda iffy, I set mine to 9 after hearing about this, lol.
 

cdsapplefan

macrumors 6502
Feb 15, 2023
402
437
Apple used to (still does) let you reset your password with SMS, so if you had the phone passcode in the past it would be trivial to get the password reset, you just had a different method but you still used the phone passcode to get in. In fact the security is worse for SMS; use a SIM card with no SIM PIN and it’s game over with or without passcode (many people just take the default and set no SIM PIN). That’s why OP (if he’s lucky) can reset with SMS but they have a timeout period. The passcode method is much more direct and secure, but the downside is now criminals are getting more patient. I couldn’t imagine hanging around a bar all night just to get a glance at someone putting a passcode in and then you also have to steal the phone. But it happens I guess. Oh yeah, also longer PINs should help tremendously, 4 digits are trivial to remember, 6 is kinda iffy, I set mine to 9 after hearing about this, lol.
How you gonna remember 9 digits unless it’s your phone number? There should be a 3-day wait period and security questions and bring back touch ID
 

jaytv111

macrumors 65816
Oct 25, 2007
1,028
874
How you gonna remember 9 digits unless it’s your phone number? There should be a 3-day wait period and security questions and bring back touch ID
I had a 6 digit PIN I used for a while (never been compromised), then I upped it to 9 by adding 3 more digits.

I also wrote it on paper and kept the paper with me for a weekend until I was comfortable putting in the PIN from memory.
 

mrochester

macrumors 601
Feb 8, 2009
4,823
2,722
As usual, this is a balance between security and convenience.

If Apple makes it so that iCloud passwords can’t be reset using a device passcode then people who can’t remember their icloud password but can remember their passcode are locked out.

The current situation allows those people to reset their iCloud password, but makes everyone at greater risk of this kind of theft.

Which one happens most often and therefore which situation should Apple design for? Is there a design that satisfies both situations?

Also, NEVER make your banking app logins the same as your device passcode.
 