Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

emembee

macrumors 6502
Original poster
Oct 31, 2013
328
97
Surrey,UK
Apologies if this is the wrong forum, can mods please refile if necessary?

My son’s iphone (IP14 PLUS) was stolen in early hours of this morning (1 Nov) but I didn’t find out about it till about 7am. I managed to get the iCloud pw changed as my phone is a trusted number but prior to that the thief had already turned off find my, updated the pw and I was not able to see it to erase. I found thsi out sfter I logged bck into his email (he has special needs so ihave access to his acct).


Having barred the sim, I managed to get a new sim with the same number but am worried the thief has got more info from his icloud account though nothing suspicious shows except that the thief has been able to turn off find my and then change the password.


TLDR; My question is if a phone is stolen and open (not locked), can a thief or fraudster turn off find my quickly without knowing the original password but saying ‘forgot password’ and then a code was sent to the phone? If so, then this is a serious gap in the security.

Many thanks to anyone who can help.
 

russell_314

macrumors 604
Feb 10, 2019
6,659
10,260
USA
TLDR; My question is if a phone is stolen and open (not locked), can a thief or fraudster turn off find my quickly without knowing the original password but saying ‘forgot password’ and then a code was sent to the phone? If so, then this is a serious gap in the security.

Many thanks to anyone who can help.
The most likely scenario is the thief observed you putting in your passcode. With stolen device protection turned off that’s all they need to reset and take the phone off of your iCloud account.

They can do a whole lot more damage because they have access to everything on your phone to include all your passwords and financial accounts.

Change all your passwords immediately if you haven’t done it already.
 
  • Like
Reactions: FreakinEurekan

emembee

macrumors 6502
Original poster
Oct 31, 2013
328
97
Surrey,UK
The password was changed first, then 2 minutes later Find My turned off. How was the pw changed without the thief knowing the original Apple ID password?
 

emembee

macrumors 6502
Original poster
Oct 31, 2013
328
97
Surrey,UK
OP, why are you still posting here? Do what @russell_314 is saying!!!!
The iCloud pw has been changed ok and secure now, the query was how could the pw be changed if fraudster does not know the original Apple ID, that's all I wanted to understand. The thief would not know his passcode either. Anyway I will not post again unless I can get more info that might be useful to others.
 
  • Like
Reactions: russell_314

russell_314

macrumors 604
Feb 10, 2019
6,659
10,260
USA
The iCloud pw has been changed ok and secure now, the query was how could the pw be changed if fraudster does not know the original Apple ID, that's all I wanted to understand. The thief would not know his passcode either. Anyway I will not post again unless I can get more info that might be useful to others.
Your Apple ID is in the phone he took. Settings, click your Apple ID, click change password. That’s what he did.

If he removed the device from your iCloud, then he can’t reset your iCloud password again. There is a possibility that he saved all your other passwords saved on your iPhone. For example, if you had your Gmail account password saved, he could use it to log into your Gmail.

It’s not likely because he probably just wanted the iPhone. Either way you should change all of your passwords to be safe, but you have to decide what’s best for you.
 

NoBoMac

Moderator
Staff member
Jul 1, 2014
6,282
4,971
Are we overthinking this?

Could it be as simple as find phone lying there unlocked (or shoulder surfed to get passcode), get in/on, reset phone to factory? Since not yet reported/flagged stolen/lost, activates OK?

Done and done and can, as @russell_314 said, just wanting the phone to resell at that point.
 
  • Like
Reactions: russell_314

russell_314

macrumors 604
Feb 10, 2019
6,659
10,260
USA
Are we overthinking this?

Could it be as simple as find phone lying there unlocked (or shoulder surfed to get passcode), get in/on, reset phone to factory? Since not yet reported/flagged stolen/lost, activates OK?

Done and done and can, as @russell_314 said, just wanting the phone to resell at that point.
Very true it’s likely he shoulder surfed the passcode to reset the iPhone to sell it. If it was my iPhone, I would still change all of my passwords but it’s probably not necessary. I always try to err on the side of caution
 
  • Like
Reactions: NoBoMac

jaytv111

macrumors 65816
Oct 25, 2007
1,027
870
If the SIM didn’t have a PIN on it, it’s trivial to take out the SIM then put into a new phone and get any login code needed, including iCloud and Find My.
 

emembee

macrumors 6502
Original poster
Oct 31, 2013
328
97
Surrey,UK
Quick update, all passwords changed and seems ok, can’t see any issues with banking either. Will obviously look at stolen data protection in future with faceid added and have locked it with screen time. Expensive lesson learnt, will not forget, also adding a tether to phone and belt.
 

Fred Zed

macrumors 603
Aug 15, 2019
5,819
6,515
Upstate NY . Was FL.
Just to understand this further. If the perp shoulder surfed he or she would immediately remove the iPhone from Find My. Once this achieved wouldn’t the criminal now have access to all stored data on the iPhone including passwords etc ?
 

emembee

macrumors 6502
Original poster
Oct 31, 2013
328
97
Surrey,UK
What I think happened was phone taken but was fully open and not protected with screen time or not allowing account changes so attacker immediately went to sign in security to change password (no auth needed), from there turned off find my and so we were unable to erase (as it was 3 hours later anyway). Not sure how long attacker had access to data and what was looked at, I visited Apple Store who told me as soon as the password had been changed by me and sim barred then the person could not see any more info. I dont know how true that is but I reported crime and registered IMEI number but have not yet had it blacklisted. So far no hacking into bank account (pw changed) but still some concern that person had access for 3 hours to data and can do something with it though am more inclined to think phone wiped for selling on to 3rd party.
 

FreakinEurekan

macrumors 604
Sep 8, 2011
6,539
3,418
Had Stolen Device Protection been enabled, it would not have been possible. So the only conclusion I can come to is that it was turned off or was on too old an iOS version to support it. SDP is turned on by default so the only way it would be off (on a supported version) is if it had been turned off.
 

I7guy

macrumors Nehalem
Nov 30, 2013
35,145
25,240
Gotta be in it to win it
Enabling stolen device protection provides a base level of security. Also putting Face ID in sensitive apps helps and enabling screen time passwords for location services, sharing location, passwords and accounts also provides a measure of security.
 

Fred Zed

macrumors 603
Aug 15, 2019
5,819
6,515
Upstate NY . Was FL.
Had Stolen Device Protection been enabled, it would not have been possible. So the only conclusion I can come to is that it was turned off or was on too old an iOS version to support it. SDP is turned on by default so the only way it would be off (on a supported version) is if it had been turned off.
You sure it’s on by default ?
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.