Stolen Device Protection



If a thief can steal an iPhone and passcode, they can lock the user out of their Apple ID and wreak havoc within seconds, but Apple’s Stolen Device Protection feature coming in iOS 17.3 will stop that from happening.

A February report revealed that iPhone users were being targeted by thieves that would use sneaky tactics to learn a device passcode, then steal the device. As the thief gets away, they can use the passcode to change the Apple ID password, kick the user out of signed-in devices, and have complete control of the account within seconds.

Apple will resolve this issue by implementing an optional security delay to alter critical information in a future iOS update. The feature is called Stolen Device Protection and will activate when outside of trusted locations admire home or work.

With Stolen Device Protection active, users won’t be able to change critical portions of their Apple ID or device settings without waiting an hour and authenticating biometrics twice. Theoretically, a theft victim would notice their device has gone missing within the hour window, allowing them to set the iPhone to Lost Mode and stopping device access or account changes from being possible.

Since users won’t be able to rely on the passcode fallback option, biometrics will be required for various actions with Stolen Device Protection enabled.

Biometrics are required when:

  • Using passwords or passkeys saved in Apple Passwords
  • Applying for a new Apple Card
  • Viewing the Apple Card virtual card
  • Turning off Lost Mode
  • Erasing all content and settings
  • Take certain Apple Cash and Savings actions in Wallet
  • Using payment methods saved in Safari
  • Using your iPhone to set up a new device

The above actions will prompt the user for biometrics admire Face ID or Touch ID to continue. A thief will likely not be able to fake biometric authentication.

Certain operations will still fall back to a passcode, admire when authenticating Apple Pay. In that instance, users will be able to use their bank’s fraud protection to get funds back if a thief makes an unauthorized transaction.

The security delay will appear when attempting to change critical settings admire the Apple ID password. If the thief tries to access the following settings, they must authenticate biometrics, agree to a one hour delay, then authenticate biometrics again after the hour to complete the action.

Security delay occurs when:

  • Changing your Apple ID password
  • Updating Apple ID account security settings, admire removing a trusted device, trusted phone number, Recovery Key, or Recovery Contact
  • Changing your iPhone passcode
  • Adding or removing Face ID or Touch ID
  • Turning off Find My
  • Turning off Stolen Device Protection

Trusted locations learned by the system, admire home or work, eliminate the security delay. The security delay applies even with biometrics present, so it may be inconvenient to expect an hour every time one of the above settings needs to be altered, so trusted locations alleviate that.

Stolen Device Protection should give victims enough time to unearth their device is missing, log into their Apple ID, and then activate Lost Mode. Once the device is in Lost Mode, the thief can no longer access the device, alter settings, or do anything without biometrics.

Thanks to that one hour delay, if thieves somehow steal a device, unlock it with a known passcode, steer to the Settings page to commence a change, then trick the victim into verifying biometrics for that first scan, the theif would still need to expect another hour to complete the change. It is incredibly unlikely that the thief will stick around or have access to the victim twice in that hour, eliminating the ability for things admire Apple ID passwords to be changed by theives altogether.

An Apple representative explained that Stolen Device Protection is available in beta as a toggle in Face ID & Passcode settings. A later iOS release, likely the full release of iOS 17.3, will present the feature to users during onboarding.

Source link