Apple devices have always been known for their security features, which include the Find My network that has received major updates in recent years. However, a report from The Wall Street Journal on Friday revealed that these features are not enough to prevent thieves from accessing users’ data. With iOS 17, Apple should invest even more in anti-theft security features for iPhone and iPad.
Smartphones are more valuable than ever to thieves
Smartphone theft is not something new. However, the reasons behind these thefts have changed considerably in recent years. In the past, people stole phones to resell them on the underground market. Even when Apple and other companies introduced things like iCloud Lock, this didn’t stop thieves from stealing phones. After all, they could easily remove and sell parts of the device, like the display.
But as technology has advanced, we’ve been putting more of our lives into our phones. Our passwords, our credit cards, our bank accounts, our documents… and as shown by the WSJ report, such benefits can turn into a nightmare when all this data is in the wrong hands.
For example, a lot of banks today let customers do all kinds of transactions directly from their app without even having to go to an ATM or bank branch. This is super convenient, and it’s hard to imagine a life without these benefits. However, this has also made thieves even more interested in stealing smartphones.
So what? Smartphones have passwords and biometric authentication
Some of you may be wondering just that. How would it be possible to access all the apps on a smartphone if the device is protected by a password, or even better, by Face ID or Touch ID? It turns out, criminals have found ways around this – and I’m not even talking about advanced exploits to hack the phone.
In one of the examples given by WSJ’s Joanna Stern, a group of thieves chooses a distracted victim to steal their phone. But before they do, one of the thieves discreetly records videos of the victim typing their password to unlock the phone. In some countries like Brazil, armed thieves even ask the victim for the iPhone’s password before stealing it.
And unfortunately, Apple has loosened up its security system to let users do a lot of things using just the iPhone and iPad password. For instance, you can go into the Settings app and reset your Apple ID password using just your device’s PIN code. This can help someone who legitimately forgot the password to their Apple ID, but it also helps thieves quickly change the account password on a stolen phone.
And even if you have Touch ID or Face ID enabled, you can easily skip such security authentication methods if you know the iPhone passcode. That’s because iOS asks for your passcode when it fails to read your biometrics as a fallback method. This means that anyone with your password can access your messaging apps, private notes, banking apps, and even Apple Pay.
What can be done about it?
There’s no easy solution for this. As I mentioned before, there’s not much you can do when someone records a video of your password from a distance or even aggressively forces you to give them the password.
However, Apple can do (and should do) a few things to make the thieves’ lives more difficult and to give the victims more time to find a way to lock their stolen phone and bank accounts. Samsung, for example, lets users create a protected folder with specific apps that can only be accessed under certain circumstances, such as when the phone is connected to the user’s Wi-Fi network.
Also on Samsung phones, users can disguise bank apps with different names and icons. This doesn’t prevent others from accessing them, but it makes the process more complicated. It can be enough time for you to call your bank and ask them to lock your account.
But the first thing Apple should do is remove the option to reset the Apple ID password using just the iPhone and iPad passcode. This is extremely alarming for a company that claims to be concerned about privacy and security. Most people use weak passwords for their devices, and Apple itself offers a 6-number PIN as the default option for iOS.
Top comment by This One
Several things can be done now by users:
Do NOT allow locked notes with the phone passcode, a feature Apple has recently introduced and promotes for unknown reasons. Have a separate PIN for locked notes.
Check Settings > Passwords for important sites and apps that you have Face ID protected but for which the app has also stored the password in Passwords. Delete these passwords. The apps requiring Face ID will still work.
Make sure that you have an iCloud recovery ID.
Several things for Apple to do:
Eliminate the ability to change the Apple ID password from an iPhone or iPad with only the device passcode.
Allow users to lock Settings > Passwords with a separate password or passcode (PIN). This needs to be done for MacOS as well, in addition to the ability to lock access to Keychain with a separate password or passcode.
Allow users to create lockable folders for sensitive apps, again with Face ID and a separate password or passcode. If users forget these, they can delete the folder and download the apps again and start over.
Nubank, a Brazilian digital bank, recently introduced a feature called “Street Mode.” When this mode is enabled, the app uses the user’s location and Wi-Fi network name to block some transactions. As a result, thieves are unable to transfer large amounts of money if the phone was stolen on the street. Even if they have the victim’s password.
Apple could implement a native API in the system so that every app can have restricted functionality based on the location of the device. And more importantly, Apple should force users to set a password different from the iPhone passcode in order to change such settings.
How you can protect your iPhone for now
Apple told the report that it will “continue to advance the protections to help keep user accounts secure.” While the company has yet to introduce any new anti-theft security features for iPhone, here are some things you can do to protect yourself:
- Avoid typing your password in public; use Face ID or Touch ID instead.
- Cover your iPhone screen if you need to enter your passcode in public.
- Opt for a stronger password.
- Don’t store bank passwords in password managers or in your notes.
- Enable Privacy Restrictions under Screen Time and use a different PIN code.
What do you think Apple can do to improve iOS security? Have you experienced any related situations? Let us know in the comments section below.
FTC: We use income earning auto affiliate links. More.
Comments