Apple Introduces Stolen Device Protection in iOS 17.3
Apple unveiled a fresh iteration of iOS yesterday, bringing forth a slew of novel features including collaborative playlists on Apple Music and a new Unity wallpaper to commemorate Black History Month. Notably, iOS 17.3 introduces an intriguing addition known as “stolen device protection,” which is deactivated by default. I strongly advise iPhone users to activate this feature after updating to iOS 17.3.
This security enhancement stems from an investigation conducted by Joanna Stern and Nicole Nguyen for the Wall Street Journal. Their findings revealed a rising trend of theft where culprits pilfer money and gain unauthorized access to sensitive data believed to be securely stored on iPhones and their associated iCloud accounts.
The significance of the passcode lies in its capability to unlock a phone and modify settings. Even with Face ID (or Touch ID) enabled, the passcode serves as a fallback method to unlock the device and make adjustments.
Criminals have been exploiting this possibility by frequenting bars late at night and engaging strangers in conversation to obtain their passcodes. One such thief recounted informing victims of a desire to add them on Snapchat. Capitalizing on the ease of entering contact details on someone else’s phone, the thief claimed to type his username directly.
Upon receiving the phone, the thief would lock it, asserting that the iPhone was now secured. Subsequently, the thief would request the passcode, committing it to memory for later use.
Following a successful theft, the pilfered passcode becomes instrumental in unlocking the device and altering the Apple ID password in the phone settings. Consequently, Find My iPhone can be disabled, preventing the victim from remotely wiping their device.
Many iPhone users store sensitive information, including bank app passwords and credit card details, in their iCloud Keychain and Safari autofill preferences. Thieves can exploit this by accessing encrypted notes in the Notes app, potentially revealing stored social security numbers.
Apple Pay is also susceptible to misuse, with the passcode serving as a fallback method if Face ID fails. Thieves may even register their own face in Face ID if armed with the device passcode.
Apple’s Response:
To counter these security threats, Apple has introduced stolen device protection in iOS 17.3. When activated, certain actions necessitate Face ID or Touch ID biometric authentication, adding an extra layer of security for accessing stored passwords and credit cards.
Moreover, critical actions such as changing the Apple ID password, altering the passcode, and disabling stolen device protection involve a security delay. Upon initiating these actions, users are notified of a mandatory one-hour waiting period for implementing significant changes.
This feature aims to provide users with an opportunity to remotely wipe their iPhones using another device in case of theft, ensuring the security of their data. However, an exception exists – if the user is in a familiar location, such as their home or workplace, there is no need to wait an hour for critical changes.
While not flawless, Apple endeavors to strike a balance between security and convenience with this approach. Users can activate this new security feature by navigating to Settings > Face ID & Passcode > Stolen Device Protection.