Imagine Thieves Stealing Your Business iPhone

Once the thief has gotten past your iPhone's Lock Screen by entering your four-to-six-digit passcode, they'll have access to all the apps on your phone, including email, iMessage, and banking apps.

In the last few weeks, I read several newspaper reports about thieves spying on patrons in bars or clubs to steal their iPhones.

Here is the scenario: You are in a bar or at a party and have fun with your friends. Unbeknown to you, a stranger nearby with their back turned overhears your group's conversation picking up names of friends, your workplace, or your hobbies. That's valuable information. Then the stranger tries to enter your group by pretending to work at the same company or knowing one of your friends who is not at the party. As the evening progresses, the stranger might offer to take a picture of your group with your iPhone. You hand over your locked phone. The person takes the photo and asks you to check the images. When you try to unlock your iPhone, FaceID won't work, prompting you to enter your passcode instead. That's the moment the stranger turned thief is waiting for. When you enter your passcode, the thief memorizes the digits. Later in the evening, you notice that your phone is missing. When you log into your bank account at home, you realize that thousands of dollars have been withdrawn. Shocked, you try to log into your Apple ID only to find your password is rejected.

How can this all be?

Understanding the Significance of Your iPhone Passcode

Once the thief has gotten past your iPhone's Lock Screen by entering your four-to-six-digit passcode, they'll have access to all the apps on your phone, including email, iMessage, and banking apps.

Even if you have enabled 2-factor authentication on your banking app and the bank texts a security code to your iPhone, the thief goes to iMessage and retrieves it. Now they have access to your bank account. Should the credit card company send you a text message asking you to review a suspected fraudulent transaction, the thief will approve it.

Usually, thieves immediately change your Apple ID password, preventing you from remotely wiping your iPhone. Even if you enabled Recovery Key, the thief would have already generated a new one or disabled this feature.

Hard-Locking Your iPhone

The question that puzzled me was why Face ID did not work when you had to unlock the phone to see the images the thief had taken.

The answer is perplexing: the thief had temporarily disabled Face ID by hard-locking your iPhone, which prompted you to enter your device's passcode. It's easy. You follow the same steps as turning off your iPhone: press and hold the power button and either of the volume buttons for about 2 seconds. It will bring you to a screen with a slide to switch off your device. But you don't need to power down your iPhone to hard-lock it. It's already hard-locked. All you have to do now is to press cancel. That's what the thief did. The iPhone then returns to the Lock Screen, requiring you to enter your passcode to enable Face ID. The thief then watches you enter your passcode and memorizes your combination.

What Can You Do as Prevention?

The first is to recognize your passcode's power to unlock everything on your iPhone. Once a thief has your passcode, you are out of luck.

Here are a few housekeeping tips that can help with prevention, but none will solve the problem:

  • Choose a longer passcode. If you have a four-digit passcode, I recommend choosing a longer one. Go to Settings > Face ID & Passcode. Tap Turn Passcode On. Enter a six-digit passcode or tap to switch to a custom numeric code to enter longer codes.

  • Switch to an alphanumeric code. You can also make your code alphanumeric. Go to Settings > Face ID & Passcode. Tap Turn Passcode On. Switch to a custom alphanumeric code.

  • Enter your passcode only in safe places. You could go to a safe place away from spying eyes or surveillance cameras to enter your passcode, for example, outside or in a bathroom, or wait until you return home.

  • Set a separate screen time passcode. Go to Setting > Screen Time. Scroll down to Set a Passcode. Enter a passcode that is different from your lock-screen passcode. Then go to Content & Privacy Restrictions. Scroll down to Allow Changes. Tap on Account Changes and select Don't Allow. You will then need to enter your Apple ID and password. That will prevent a thief from changing your Apple ID or enabling your Recovery Key. However, savvy thieves know that they can reset this screen time passcode if they have access to your email associated with your Apple ID. At least, having a separate screen time passcode might buy you a little extra time.

Unless Apple changes how some of these features work, there is, unfortunately, not much more you can do without changing how you work.

Avoid Tying Everything to Your Apple ID

Having many critical services tied to your Apple ID adds a layer of risk.

Because if you lose access to your Apple ID, you lose access to all linked services, iCloud Drive, iCloud Photo, backup, contacts, calendar, notes, keychain, and email.

Your Apple ID then becomes a single point of failure.

From a resiliency point of view, it is better to use separate services for critical functions. For example, you could use DropBox or Box for cloud storage and Google Workspace for your business email.

Save a Copy of Your Business Contacts

If you have a lot of business contacts, I recommend exporting them every three months and storing a copy in the cloud — not iCloud Drive. You wouldn't need to rely on your Apple ID-linked backup to restore your contacts.

Sign Out From Critical Apps

Accessing any app from any device is highly convenient. But is it really necessary?

For example, how often do you access the banking app on your phone? If you still get a lot of checks from customers, you probably have a good reason for it, as you can use the banking app to deposit checks without visiting a branch. But if you only use your credit cards stored on your phone for purchases, accessing your bank account from your phone might not be critical.

If you cannot dispense with the apps on your phone, I recommend signing out from any critical app, such as banking and cloud storage (DropBox, Box), when you don't use them. That way, if your iPhone gets stolen and a thief has your passcode, it will limit the damage they can inflict.

 
 
Related Posts
Imagine Thieves Stealing Your Business iPhone
Imagine Thieves Stealing Your Business iPhone

Your passcode allows you to access all apps on your iPhone, including email, iMessage, and banking apps. Thieves know this and hard-lock your phone so you have to enter your passcode to unlock your device.

Read More →
iCloud Photo Library or iCloud Drive for Long-Term Storage of Your Photos?
iCloud Photo Library or iCloud Drive for Long-Term Storage of Your Photos?

Accidentally deleting a photo on one Apple device will remove it from all devices because all devices connect to iCloud Photo Library. Consider saving a duplicate picture to iCloud Drive for long-term storage.

Read More →
How to Take iPhone Photos in ProRAW
How to Take iPhone Photos in ProRAW

iPhone 12 Pro models and newer allow you to capture photos in ProRAW, making editing them easier in Lightroom and Photoshop.

Read More →
Why an Expensive Camera Alone Won't Get You Great Pictures on Social Media
Why an Expensive Camera Alone Won't Get You Great Pictures on Social Media

If you primarily need pictures for social media, you can have your own smartphone photos professionally retouched and save yourself the investment in an expensive camera.

Read More →
Why You Should Retouch Your iPhone Photos
Why You Should Retouch Your iPhone Photos

Photos taken with the latest iPhone Pro models can be worth getting professionally retouched. These three criteria will tell you if you should do it.

Read More →
What Is HEIC?
What Is HEIC?

Since Apple uses HEIC as the format for its iPhone photos, this article explains what HEIC is, why HEIC is better than JPEG, and how to convert HEIC files to JPEGs.

Read More →
iPhoneStefan MeuserOnline Store