from Hacker News

About Stolen Device Protection for iPhone

by drclau on 1/22/24, 7:15 PM with 80 comments

  • by stirlo on 1/22/24, 8:42 PM

    This also solves a somewhat unique problem I experienced recently with iCloud keychain where all your passwords are only as secure as your passcode (and anyone that knows it).

    I had to hand my phone over to a third party repairer. This would mean they needed to know my passcode so I wanted to lock down the phone to allow them to perform whatever diagnostic steps they might need but to restrict access to the wallet and iCloud keychain.

    The first part was actually quite simple using a separate screen time passcode to restrict all apps bar the camera and any that they needed. The frustrating part was that the settings app itself cannot be blocked by screentime (I guess as thats where you configure the restrictions) and as iCloud keychain passwords are accessed from settings there was no way to block access to them.

    With this update I could (somewhat) safely supply my passcode while being relatively confident that my keychain passwords were not viewed.

  • by e40 on 1/22/24, 8:07 PM

    Requires updating to iOS 17.3. (Released today, I believe.)

  • by artdigital on 1/22/24, 8:44 PM

    Way overdue feature IMHO. A reason why I didn’t want to use passcodes or keychain for passwords was that once someone knew my passcode to unlock my phone, they could access all my accounts

    1Password at least uses a different password and isn’t unlockable with passcode alone

  • by paxys on 1/22/24, 9:11 PM

    Neat feature I guess, but how long before thieves realize that they can just look up your home or work address from the Maps or Contacts app and go stand near it to get around these restrictions?

  • by PlunderBunny on 1/23/24, 12:23 AM

    Regarding the actions that required FaceID/TouchID once the protections are enabled, what happens if the biometric authentication fails? Sometimes I can't unlock my phone with FaceID, and I have to resort to using my passcode after three attempts. Will it now allow unlimited attempts in the specific scenario covered by the new feature?

    (I realise this means I can still get into my phone, just that I might not be able to access certain features - e.g. change passwords - if I'm not at one of my usual locations).

  • by dhdhdudhsg on 1/22/24, 8:34 PM

    I’ll be using this but what a stupid exception imo. I work in a big building where anyone could walk in without id and simply defeat the protection. Hell, a disgruntled coworker contractor or customer could be in on it.

    > When your iPhone is in a familiar location, these additional steps are not required, and you can use your device passcode like usual. Familiar locations typically include your home, work, and certain other locations where you regularly use your iPhone.

  • by gnicholas on 1/22/24, 8:07 PM

    Is there a website that has a list of the steps you should take if your phone is stolen? My first instinct would be to use someone else's phone to google "what to do if your iPhone is stolen".

    But I wouldn't know how to determine if the instructions I was seeing were incomplete, or outdated. Is there a trusted, frequently-updated site that we can easily remember and plug into our friends' phone if and when this terrible thing happens to us?

  • by natch on 1/22/24, 8:35 PM

    So the next step for the criminals (the ones who steal both the passcode and phone) is to find your address (often stored in Contacts, or available in your Amazon account) then physically go there and lurk nearby while finishing their pwning steps.

    I may be missing something. But if not it seems like Apple is now incentivizing a scenario where thieves will physically go to the location of their victims homes in order to circumvent some of these measures.

  • by dakial1 on 1/22/24, 9:56 PM

    I don’t know if Brazil was one of the places that convince Apple to do that, but we have a huge problem of mobile phones robbery with that aim to access the bank apps to drain accounts dry.

    In a quite resourceful way (social engineering, process and system exploits) these criminal organizations will jump all the hoops (2FA, Face Recognition) and manage to access most of those apps.

  • by baicunko on 1/22/24, 8:00 PM

    This took quite a while to get ready but I do believe it prevents 99.9% of the theft cases mentioned. I am downloading it right now.

  • by aetherspawn on 1/22/24, 8:48 PM

    Available from iOS 17.3 for anyone wondering.

    I went to settings and could not find the option to enable this, but it turns out I was still on 17.2

  • by lokar on 1/22/24, 8:44 PM

    A one hour delay? Really? I don’t get it, how does that really help?