Apple implements security modifications aimed at safeguarding users against iPhone thefts
Apple is introducing enhanced security measures for iPhones following a report on a vulnerability exploited by thieves, resulting in severe consequences for victims. The thefts, occurring across various cities, involved criminals using passcodes to access Apple accounts, steal information, and lock users out of their iCloud-stored data.
These incidents prompted Apple to develop the Stolen Device Protection setting to counter such attacks, which is currently being rolled out to beta testers and will be included in an upcoming software update. However, users need to activate this feature, which, although helpful, doesn't cover all potential threats to personal and financial information on an iPhone.
How it operates:
Enabling Stolen Device Protection limits certain settings when the iPhone is away from familiar locations, like home or work, to prevent unauthorized access.
Effects on various settings:
- Changing the Apple ID password: With the protection enabled, changing the password away from a familiar location requires Face ID or Touch ID, with an hour delay and additional confirmation scans to thwart unauthorized changes.
- Updating Apple security settings: Altering recovery keys or trusted phone numbers necessitates two biometric scans an hour apart to prevent unauthorized modifications.
- Accessing passwords in Keychain: Face ID or Touch ID becomes mandatory to access stored passwords, nullifying the passcode's backup role.
However, even with this protection, a thief possessing both the iPhone and its passcode can still unlock the device and access apps without additional protection or those resettable via text or email. To minimize risks, it's advisable to avoid sharing passcodes, use stronger alphanumeric passcodes, and implement additional security measures within specific apps, such as enabling extra PIN or biometric verification.
In case of theft, users are urged to swiftly utilize the iCloud's remote wipe feature through icloud.com/find to erase data on the stolen device.
Apple intends to prompt users to activate Stolen Device Protection within the Face ID & Passcode settings upon its release.