Stolen iPhone - Criminals have full control and Apple cannot help!

[Night Spring]

Security and convenience is always a trade off.

Yes, totally.

 

[Puonti]

Huh, didn't know FaceID is that unreliable

Reliability seems to vary. For me it just works, but that could be for any number of reasons.

 

[Reason077]

This person didn't fret about the cost of replacing the cell phone.

The concern was the cost of their entire personal, financial, and digital life being taken over by criminals.

This also happened to a friend of mine, also in London, earlier this year. They got in to WhatsApp, sent offensive/racist messages to chat groups, posted intimate pics, etc. Also begged for money from contacts ("emergency situation, please send money, will explain later!") and were successful on at least one occasion.

(turns out there's NO way to block WhatsApp on a stolen phone until you can get a new SIM card with the same number, and re-register WhatsApp on the new phone!)

Clearly the phones aren't being stolen for the value of the phone, but to try and extort money from you and to scam your friends and colleagues. There seems to be organised gangs doing this: someone will steal the phones, then pass them along to someone else who specialises in the scamming/extortion.

Another thing to watch out for is fake SMS messages leading to fake copies of the iCloud site ("Your iPhone has been recovered. Please log in to Find My to claim it!"). They are trying to get your iCloud password to remove the activation lock. Another friend fell victim to this one

 

[Reason077]

Huh, didn't know FaceID is that unreliable, I'm still on TouchID phones and I can't remember the last time it failed with dry fingers.

Though the extra incovenience is true, it's still much less then any possible 2FA implementation.

Face ID has always worked very well for me. Much faster and more reliable than Touch ID ever was.

 

[fzJNotIBOxgnbqejSeVCvJScL]

I am going to shoot myself down. Screen Time is not the answer even with ID Recovery key set, and with "Recover screen time password with Apple ID" disabled. Though it does put some more obstacles in the thief’s path. Maybe some less knowledgeable thieves would be stopped. Some options to the sequence below put some delay in the Recovery process but the sequence below leads to instant break in.

I just went through these steps:

1. Screen Time settings > Change Screen Time passcode.
2. Click Forgot Passcode
3. Enter Apple ID email but not password…click forgot Apple ID password
4. This produces a screen asking for iPhone Passcode which thief has. Enter Passcode leads to screen to enter new Apple ID password.

Anyone can test these steps themselves ....no harm is done... you can cancel out ot the end before entering your new Apple ID password.

Does this “trick” also work if you completely remove Screentime and set it up again (without linking Screentime to the Apple-ID during setup)?

Any changes with iOS 17?

 

[fzJNotIBOxgnbqejSeVCvJScL]

Hey everyone.

Can someone tell me whether emails can be accessed in the browser at www.icloud.com -- even if

- Advanced Data Protection is enabled
- and without being able to allow temporary web access?

I'm asking because I would like to know whether I can access iCloud emails even if, for example, my iPhone is stolen.

(I don't have an iPhone yet.)

Is there anyone here who has ADP enabled and can try this?

 

[Mike Boreham]

Does this “trick” also work if you completely remove Screentime and set it up again (without linking Screentime to the Apple-ID during setup)?

Any changes with iOS 17?

TLDR:

Setting a Screentime passcode now seems to protect the phone provided you have set a Recovery key.

It is a while since I thought about this topic, so I set screen time passcode on my iPhone, now on iOS17, and did not link it to my Apple ID. I turned on "don't allow' for passcode and account changes. This all as I did back in May.

Then I went into thief mode. All the iCloud settings were greyed out of course, so I first tried changing the screen time passcode then turning it off. In the screens that followed I entered my Apple ID email (which thief would have no trouble discovering) and then "forgot password" or "forgot passcode". This led to the sending of a verification text which after it was automatically entered led to this screen:

The thief would not know this...something seems to have changed!

Back in May the attempts to turn off Screen Time passcode led to the phone passcode, which the thief had.

Tentative conclusion: SCREEN TIME PASSCODE NOW WORKS. Hurrah!

EDIT. When I posted in May I already had the 28 digit Recovery Key set....so that is not what has changed since then. It may be iOS 17 or maybe Apple has changed what happens behind the scenes.

 

[fzJNotIBOxgnbqejSeVCvJScL]

That's great news. Thanks for checking it out, Mike!

When Screen Time is turned off:

Will I also be asked for the Recovery Key if I want to change the password for Apple ID / iCloud?

If so, then you wouldn't necessarily need Screen Time. On the other hand, it makes sense anyway:

With Down Time I can secure apps like Mail and Messages. This means that a thief cannot reset passwords for other accounts (Amazon, Gmail, eBay, etc.) or receive a 2-factor authentication code.

In any case, that's very good news!

 

[Mike Boreham]

When Screen Time is turned off:

Will I also be asked for the Recovery Key if I want to change the password for Apple ID / iCloud?

No you are only asked for phone passcode (which thief has) before changing Apple ID password.

 

[fzJNotIBOxgnbqejSeVCvJScL]

Is there a summary?

- Always use Face Time to unlock iPhone
- Set up Recovery Key
- iPhone passcode at least 8 characters long and always enter unobserved
- Prevent changing Passcode and Settings with Screen Time
- Screen Time password at least 8 characters long and always enter unobserved
- Do not link Screen Time to Apple-ID
- Apps that are used for 2-factor authentication or for password resets or for storing passwords must be protected with Down Time or (if possible) a password

 

[Mike Boreham]

Is there a summary?

- Always use Face Time to unlock iPhone
- Set up Recovery Key
- iPhone passcode at least 8 characters long and always enter unobserved
- Prevent changing Passcode and Settings with Screen Time
- Screen Time password at least 8 characters long and always enter unobserved
- Do not link Screen Time to Apple-ID
- Apps that are used for 2-factor authentication or for password resets or for storing passwords must be protected with Down Time or (if possible) a password

Good list but I haven't found how to make Screen Time passcode more than four digits.
Also I haven't tested with Screen Time linked to Apple ID. May not be necessary to have not linked.

 

[Mike Boreham]

That's great news.

There have been so many twists and turns, dead ends and false dawns in this long thread I am half expecting someone to prove I am wrong. 🤞

 

[citivolus]

TLDR:

Setting a Screentime passcode now seems to protect the phone provided you have set a Recovery key.

It is a while since I thought about this topic, so I set screen time passcode on my iPhone, now on iOS17, and did not link it to my Apple ID. I turned on "don't allow' for passcode and account changes. This all as I did back in May.

Then I went into thief mode. All the iCloud settings were greyed out of course, so I first tried changing the screen time passcode then turning it off. In the screens that followed I entered my Apple ID email (which thief would have no trouble discovering) and then "forgot password" or "forgot passcode". This led to the sending of a verification text which after it was automatically entered led to this screen:

View attachment 2268960

The thief would not know this...something seems to have changed!

Back in May the attempts to turn off Screen Time passcode led to the phone passcode, which the thief had.

Tentative conclusion: SCREEN TIME PASSCODE NOW WORKS. Hurrah!

EDIT. When I posted in May I already had the 28 digit Recovery Key set....so that is not what has changed since then. It may be iOS 17 or maybe Apple has changed what happens behind the scenes.

I've been following this thread since this was first reported and have been eagerly hoping it would be fixed with iOS 17. I haven't upgraded yet (still on 16.6.1) but after seeing this post I decided to try it again, and now I too get the prompt for "Enter Recovery Key"! So glad to see this bug has finally been fixed and doesn't even require updating to iOS 17!
Update: Unfortunately I was mistaken and this is not correct. The issue has not been fixed.

 

[Mike Boreham]

TLDR:

Setting a Screentime passcode now seems to protect the phone provided you have set a Recovery key.

It is a while since I thought about this topic, so I set screen time passcode on my iPhone, now on iOS17, and did not link it to my Apple ID. I turned on "don't allow' for passcode and account changes. This all as I did back in May.

Then I went into thief mode. All the iCloud settings were greyed out of course, so I first tried changing the screen time passcode then turning it off. In the screens that followed I entered my Apple ID email (which thief would have no trouble discovering) and then "forgot password" or "forgot passcode". This led to the sending of a verification text which after it was automatically entered led to this screen:

View attachment 2268960

The thief would not know this...something seems to have changed!

Back in May the attempts to turn off Screen Time passcode led to the phone passcode, which the thief had.

Tentative conclusion: SCREEN TIME PASSCODE NOW WORKS. Hurrah!

EDIT. When I posted in May I already had the 28 digit Recovery Key set....so that is not what has changed since then. It may be iOS 17 or maybe Apple has changed what happens behind the scenes.

It has been pointed out in another forum that the thief can create a new Recovery Key armed with only the phone passcode. Sorry to raise hopes.

EDIT I was forgetting that with Screen Time Passcode is set the thief cannot access the reset Recovery Key screen. To do that he has to turn off Screen Time passcode which he can't do without the 28 digit Recovery key.

So I am back to believing that iOS 17 has fixed this issue.

Sorry for all the about turns.

 

[citivolus]

I've been following this thread since this was first reported and have been eagerly hoping it would be fixed with iOS 17. I haven't upgraded yet (still on 16.6.1) but after seeing this post I decided to try it again, and now I too get the prompt for "Enter Recovery Key"! So glad to see this bug has finally been fixed and doesn't even require updating to iOS 17!

Just tried this on my wife’s iPhone running iOS 16.6. She does not have a Recovery Key set. After going through the steps above, it did end up allowing me to change the Apple ID password after entering the iPhone Passcode. So it seems having a Recovery Code set is key to this working properly.
Update: Unfortunately this is not correct as I was mistaken. I confirmed that the bug still exists whether or not you have a Recovery Key set.

 

[Mike Boreham]

Just tried this on my wife’s iPhone running iOS 16.6. She does not have a Recovery Key set. After going through the steps above, it did end up allowing me to change the Apple ID password after entering the iPhone Passcode. So it seems having a Recovery Code set is key to this working properly.

Yes definitely.

 

[fzJNotIBOxgnbqejSeVCvJScL]

Can a thief log in to www.icloud.com with Apple-ID and unlocked iPhone, but without the Apple-ID password?

Actually, that shouldn't be possible. The process to reset the password at www.icloud.com should also require the Recovery Key, right?

 

[fzJNotIBOxgnbqejSeVCvJScL]

The only thing that bothers me is that a thief can easily delete the eSIM. Otherwise, the stolen iPhone - as long as it is switched on - would always be able to be located over the cellular network and would be quicker/easier to lock remotely.

 

[citivolus]

It has been pointed out in another forum that the thief can create a new Recovery Key armed with only the phone passcode. Sorry to raise hopes.

EDIT I was forgetting that with Screen Time Passcode is set the thief cannot access the reset Recovery Key screen. To do that he has to turn off Screen Time passcode which he can't do without the 28 digit Recovery key.

So I am back to believing that iOS 17 has fixed this issue.

Sorry for all the about turns.

Unfortunately this is not correct. I updated my wife's phone to iOS 17.0.1 which now has a Recovery Key set and confirmed the bug still exists. Here are the steps I took to be able to reset the Apple ID password with just the iPhone Passcode:

1. Go to Settings -> Screen Time -> Change Screen Time Passcode -> Change Screen Time Passcode and Tap Forgot Passcode?
2. Enter your Apple ID and tap OK in the top right corner
3. Tap Forgot Apple ID or Password?
4. A screen will appear which allows you to enter the iPhone Passcode
5. Success

For the life of me I can't understand why Apple has not fixed this bug in iOS 17 given the amount of press it has already received.

 

[Mac2011trouble]

I work in London and was at a restaurant/bar on Thursday. I use FaceID and have a 6 digit pin. During the night my FaceID must have failed at some point.

My phone went missing from my pocket and I realised within 5 mins. I was very suspicious. I instantly went on my friend's phone and attempted to login to my icloud. My password did not work.

Long story short from here but it had been stolen and the thieves had my passcode. They locked me out within minutes. There is a massive security flaw that allows this to happen.

I am reasonably cyber security aware (or so I thought). I had two step authentication set up on iCloud. I used my wife's number for this, thinking that makes things way more secure. It does not.

Apple allowed the thief to lock me out and change my password for icloud.

They have had full control of my phone and data for 5 days now. I can't disable my account and I can't login.

I am stuck in a recovery loop. 1 day later I had a new sim with my phone number. I can verify the code for this and also my wife's number. I verify the code sent to my email that I have regained control of.

Final request was for me to enter my bank card in full. I did this originally but I have had to cancel all cards as the thieves used my Apple pay to buy £1000s in Apple products!

I have visited an Apple store with my passport but absolutely nothing helps me. The power is with the criminals and I cannot stop them.

I waited 72 hours for recovery but then heard nothing. No sms or email.

I was told to try recovery again but it has gone back to where I was 5 days ago.

Meanwhile the criminals are using my WhatsApp to extort money from my contacts (1000+ of them) pretending to be me needing money. I have found out 4 have sent money and it could be a lot more.


I am powerless to stop this.

Does anyone know why my recovery is failing despite having all the information Apple asked me for?

Are the criminals with my device able to block my request from the device?

I haven't slept in 5 days with worry. They also sent threatening messages from my phone to my wife, with photos of my children.

Still Apple will do nothing to help. It is sickening.

This is what exactly happened to my friend last weekend 16th September 2023.
I started a thread on the night asking what could one do.

They have used his apple pay and transferred money from his bank
A lot.
Police say they looked at the video and cannot identify the culprits (a group of them) ....
This is why today I put another question on my thread to ask if is there anyway one could put a stop to Apple pay from Apple watch that is linked to the same Apple iPhone and Apple account?

 

[mikelrubio]

TLDR:

Setting a Screentime passcode now seems to protect the phone provided you have set a Recovery key.

It is a while since I thought about this topic, so I set screen time passcode on my iPhone, now on iOS17, and did not link it to my Apple ID. I turned on "don't allow' for passcode and account changes. This all as I did back in May.

Then I went into thief mode. All the iCloud settings were greyed out of course, so I first tried changing the screen time passcode then turning it off. In the screens that followed I entered my Apple ID email (which thief would have no trouble discovering) and then "forgot password" or "forgot passcode". This led to the sending of a verification text which after it was automatically entered led to this screen:

View attachment 2268960

The thief would not know this...something seems to have changed!

Back in May the attempts to turn off Screen Time passcode led to the phone passcode, which the thief had.

Tentative conclusion: SCREEN TIME PASSCODE NOW WORKS. Hurrah!

EDIT. When I posted in May I already had the 28 digit Recovery Key set....so that is not what has changed since then. It may be iOS 17 or maybe Apple has changed what happens behind the scenes.

I'm interested on this. What do you mean by 'thief mode'? I mean no harm, but sounds interesting as to perform a personal security audit. Cheers!

 

[Mike Boreham]

I'm interested on this. What do you mean by 'thief mode'? I mean no harm, but sounds interesting as to perform a personal security audit. Cheers!

Prior to that I was setting the phone up with Screen Time mode and restrictions.

After that I was pretending to be a thief trying to change the AppleID password. Just a turn of phrase!

 

[Mike Boreham]

Unfortunately this is not correct. I updated my wife's phone to iOS 17.0.1 which now has a Recovery Key set and confirmed the bug still exists. Here are the steps I took to be able to reset the Apple ID password with just the iPhone Passcode:

1. Go to Settings -> Screen Time -> Change Screen Time Passcode -> Change Screen Time Passcode and Tap Forgot Passcode?
2. Enter your Apple ID and tap OK in the top right corner
3. Tap Forgot Apple ID or Password?
4. A screen will appear which allows you to enter the iPhone Passcode
5. Success

For the life of me I can't understand why Apple has not fixed this bug in iOS 17 given the amount of press it has already received.

Did you definitely turn on Content and Privacy Restrictions > Don’t allow passcode and account changes in Screen Time mode ?…. (I forgot first time I tested)

Did you set screen time code up to be recoverable with Apple ID? I did not, clicked cancel on that screen.

I know two other people who have been active involved in this issue, who confirmed what I found.

 

[citivolus]

Did you definitely turn on Content and Privacy Restrictions > Don’t allow passcode and account changes in Screen Time mode ?…. (I forgot first time I tested)

Did you set screen time code up to be recoverable with Apple ID? I did not, clicked cancel on that screen.

I know two other people who have been active involved in this issue, who confirmed what I found.

Yes to both of these. Unfortunately I was still able to change the Apple ID password with just the passcode.

 

[fzJNotIBOxgnbqejSeVCvJScL]

Yes to both of these. Unfortunately I was still able to change the Apple ID password with just the passcode.

When setting up Screen Time, you have to tap Cancel in Recovery and _not_ link the pin to your Apple-ID.