Apple’s Stolen Device Protection For iPhone…. Why You Should Activate It NOW
Yesterday, Apple released iOS 17.3. And as part of this release was a new feature called Stolen Device Protection. This is one of these things that you need to drop what you’re doing and upgrade to iOS 17.3 so that you can activate this feature immediately. To understand why it’s so important, let’s start with the scenario that explains why this feature exists.
There’s been a rise in iPhone thefts lately where thieves not only steal iPhones, but because they had been watching their targets closely, the thieves also steal the passcodes for said iPhones. That allowed the thieves to change their Apple ID passwords which not only locked victims out of the Apple accounts, stopped them from accessing their iCloud backups, but gave them access to any passwords stored within their Apple accounts. If you want to see an example of this, Joanna Stern of the Wall Street Journal interviewed an iPhone thief who was able to steal more than $300,000 from victims using this attack.
Another thing to consider is that using this attack, the thief could also completely reset the iPhone and sell it for a huge sum of money as the thief could bypass one of Apple’s other security features which is Activation Lock. Which up until recently, prevented thieves for selling intact iPhones because the iPhone is “locked” to the owner, and only the owner could reactivate the phone after a reset. Instead the thief is forced to sell it for parts. And that’s becoming increasingly harder to do as Apple locks the parts down to the specific iPhone. That’s another reason why this attack vector is so dangerous.
All of this is very bad and clearly needed a solution. Which is where Stolen Device Protection comes in. What this feature does is it requires biometric authentication, meaning Face ID or Touch ID, when away from trusted places that the iPhone knows about like home and work to change a handful of settings. Specifically:
Viewing/using passwords or passkeys saved in iCloud Keychain
Applying for a new Apple Card
Viewing an Apple Card virtual card
Turning off Lost Mode
Erasing all content and settings
Taking certain Apple Cash and Savings actions in Wallet
Using payment methods saved in Safari
Using the iPhone to set up a new device
And it also includes a time delay for a second biometric authentication for certain sensitive actions. Specifically:
Changing the Apple ID password
Updating select Apple ID account security settings, including adding or removing a trusted device, trusted phone number, Recovery Key, or Recovery Contact
Changing the iPhone passcode
Adding or removing Face ID or Touch ID
Turning off Find My
Turning off Stolen Device Protection
In short, knowing the passcode is no longer good enough to get access to a victim’s iCloud account or reset the phone among other things.
Here’s how you enable it. And I would recommend doing this at home:
IMPORTANT: To use Stolen Device Protection, you must have two-factor authentication and Find My enabled for your Apple ID account along with Significant Locations enabled on your iPhone. Significant Locations is an option within Location Services that you can find by going to Settings -> Privacy & Security -> Location Services -> System Services -> Significant Locations.
Update to iOS 17.3 as this security feature is at the time of writing this article is only available on that version of iOS.
Once you’ve updated to 17.3, go to Settings and then Face ID and Passcode.
Enter your passcode
Scroll down until you see the words Stolen Device Protection. Then click on Turn On Protection.
You’ll either be prompted to authenticate using Face ID or Touch ID, and it takes a moment to turn it on. But if it turns on successfully, it should look like this:
Now if you need to turn it off, you can follow the same steps, but you need to click on Turn Off Protection. Again, I would do this from your home. The only reason that I can think of as to why you would want to turn this off is if Face ID or Touch ID isn’t working and you need to take the phone to an Apple Store for repair as they will require you to turn it off. I should note that you may have to wait for an hour before you can turn this feature off, even if you’re at home.
And while I’m here, let me pass along some tips to keep you and your iPhone safe:
NEVER hand your iPhone over to strangers.
NEVER enter your passcode in public, instead use Face ID or Touch ID
If you’re not using your iPhone, put it away in a pocket, bag, or purse.
The thing is that even with Stolen Device Protection, it’s going to take a while for the dirtbag criminal low life scumbag types to get the message that this feature is now out there. Thus iPhone users will still be targets for theft until whenever they do get the message.
So, will you be enabling Stolen Device Protection? Leave a comment below as to why (or why you’re not) enabling that feature.
This entry was posted on January 23, 2024 at 9:10 am and is filed under Commentary with tags Apple. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Apple’s Stolen Device Protection For iPhone…. Why You Should Activate It NOW
Yesterday, Apple released iOS 17.3. And as part of this release was a new feature called Stolen Device Protection. This is one of these things that you need to drop what you’re doing and upgrade to iOS 17.3 so that you can activate this feature immediately. To understand why it’s so important, let’s start with the scenario that explains why this feature exists.
There’s been a rise in iPhone thefts lately where thieves not only steal iPhones, but because they had been watching their targets closely, the thieves also steal the passcodes for said iPhones. That allowed the thieves to change their Apple ID passwords which not only locked victims out of the Apple accounts, stopped them from accessing their iCloud backups, but gave them access to any passwords stored within their Apple accounts. If you want to see an example of this, Joanna Stern of the Wall Street Journal interviewed an iPhone thief who was able to steal more than $300,000 from victims using this attack.
Another thing to consider is that using this attack, the thief could also completely reset the iPhone and sell it for a huge sum of money as the thief could bypass one of Apple’s other security features which is Activation Lock. Which up until recently, prevented thieves for selling intact iPhones because the iPhone is “locked” to the owner, and only the owner could reactivate the phone after a reset. Instead the thief is forced to sell it for parts. And that’s becoming increasingly harder to do as Apple locks the parts down to the specific iPhone. That’s another reason why this attack vector is so dangerous.
All of this is very bad and clearly needed a solution. Which is where Stolen Device Protection comes in. What this feature does is it requires biometric authentication, meaning Face ID or Touch ID, when away from trusted places that the iPhone knows about like home and work to change a handful of settings. Specifically:
And it also includes a time delay for a second biometric authentication for certain sensitive actions. Specifically:
In short, knowing the passcode is no longer good enough to get access to a victim’s iCloud account or reset the phone among other things.
Here’s how you enable it. And I would recommend doing this at home:
IMPORTANT: To use Stolen Device Protection, you must have two-factor authentication and Find My enabled for your Apple ID account along with Significant Locations enabled on your iPhone. Significant Locations is an option within Location Services that you can find by going to Settings -> Privacy & Security -> Location Services -> System Services -> Significant Locations.
You’ll either be prompted to authenticate using Face ID or Touch ID, and it takes a moment to turn it on. But if it turns on successfully, it should look like this:
Now if you need to turn it off, you can follow the same steps, but you need to click on Turn Off Protection. Again, I would do this from your home. The only reason that I can think of as to why you would want to turn this off is if Face ID or Touch ID isn’t working and you need to take the phone to an Apple Store for repair as they will require you to turn it off. I should note that you may have to wait for an hour before you can turn this feature off, even if you’re at home.
And while I’m here, let me pass along some tips to keep you and your iPhone safe:
The thing is that even with Stolen Device Protection, it’s going to take a while for the dirtbag criminal low life scumbag types to get the message that this feature is now out there. Thus iPhone users will still be targets for theft until whenever they do get the message.
So, will you be enabling Stolen Device Protection? Leave a comment below as to why (or why you’re not) enabling that feature.
Share this:
Like this:
Related
This entry was posted on January 23, 2024 at 9:10 am and is filed under Commentary with tags Apple. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.