All Posts by Date or last 15, 30, 90 or 180 days.
also by Lloyd: photography and

Links on this site earn me fees or commissions.
As an Amazon Associate I earn from qualifying purchases @AMAZON

Consult with Lloyd: cameras, computers, backup, etc...
Lloyd’s Patreon
Designed for the most demanding needs of photographers and videographers.
Connect and charge all of your devices through a single Thunderbolt or USB-C port.

Apple iOS: Your Digital Life Stolen if Passcode Compromised? How it Works

re: cyber social engineering

re: WSJ: A Basic iPhone Feature Helps Criminals Steal Your Entire Digital Life

Summary: if a thief can observe your passcode and thus get into your phone, or even force you to unlock it with your face, your digital life can be stolen.

And if you are foolish enough to rely on auto-fill for passwords and/or to tie Apple Card/Cash and your credit cards into the mix as well (which millions do), you’re going to have a very bad day. Well, a very bad year or two trying to repair all the damage. And maybe all your money gone, unless you get lucky with your financial institution.

Problem #1: unfettered access to iCloud account, changes, etc.

Open question: when/how often does Apple require the existing iCloud passcode in order to change it?

Apple iOS: Major security risk

I tried this. I had not entered my iCloud password for months, so in my case it required that. But once I entered it, it “sticks” and no further prompting is done. And that’s the problem. I tried it on my daughter’s phone—no prompt. I don’t know how long it “sticks” but at first it required no prompt, then later it did. Is it tied to the passcode somehow?

There should NEVER be a case where the iCloud password is not required. And of course it is moronic if you make the iCloud password the same as your phone passcode.

Assume you have the passcode for the phone; the thief steals it as per the article above.

1. Go to Settings => Apple ID=> Password & Security.
The phone will not require entering the iCloud password unless it has not been entered recently. How long? That’s not clear.

2. Malefactor changes the password, changes the email, changes the recovery key, turns off Find my iPhone.

At this point, you are screwed. None of your devices can get your stuff back, not even the recovery key, since the thief has changed it. Everything is lost, forever, and Apple will not and cannot help you*. Unless your stuff is on your local computer and assuming you are not foolish enough to let things be stored (only) in iCloud (but most people do!).

Two-factor authentication (2FA) via your phone does not help you here, since the thief has the phone and simply allows the change. I did this myself—it is beyond stupid to see a “stolen” phone approve the theft of itself. What is Apple thinking to allow a phone being used to change the iCloud password to itself approve the change?

* This is why you make local backups that have nothing to do with Apple or iCloud!

Problem #2: saved passwords, Apple Cash, et

The malefactor has your phone and its passcode, has changed your iCloud everything and you are LOCKED OUT of all your stuff on all your devices and computers, as per above.

If you were foolish enough to use auto-fill passwords, the malefactor will happily login to your bank account, Venmo, etc, etc. Bye-bye balances. Rent and car payment due? Oh well.

Maybe you were foolish enough to have pictures of things like your driver’s license or passport, social security number, etc... suddenly you have 3 new credit cards, all maxed-out.

Or... some nude selfies headed for your Twitter or Facebook accounts or your boss, if the malefactor is feeling bored and especially malicious. Have fun!

Bonus: the thief is caught in one of our wonderful shithole progressive cities, the local DA will almost certainly release that turd without bail and probably never prosecute.

Security hazard on iOS: auto-filll passwords, Apple Cash, etc
View all handpicked deals...

Nanuk 925 Waterproof Hard Case Pro Photo/Video Kit with Padded Dividers and Lid Organizer (Black)
$285 $214
SAVE $71 | Terms of Use | PRIVACY POLICY
Contact | About Lloyd Chambers | Consulting | Photo Tours
Mailing Lists | RSS Feeds |
Copyright © 2020 diglloyd Inc, all rights reserved.
Display info: __RETINA_INFO_STATUS__