Photo by 200degrees on Pixabay
The Lengths Thieves Will Go to Unlock iPhones
In iOS 7, Apple introduced Activation Lock, which prevents an iPhone from being activated while it’s registered to an iCloud account (see “What You Need to Know about Activation Lock,” 8 October 2014). It has undoubtedly reduced the number of iPhone thefts, but as Joseph Cox and Jason Koebler explain at Motherboard, thieves have come up with ways to get around Activation Lock. The simplest is a mugging that includes the knifepoint instructions “Disable Find My iPhone, log out of iCloud, and give me your iPhone,” much as the online comic xkcd noted years ago in relation to password security. But less violent thieves are using approaches like phishing the original owner, tricking Apple Store managers into overriding Activation Lock, and even going so far as removing the CPU and reprogramming it. Unfortunately, Activation Lock’s major liability is simply human error: enough people lock themselves out of their iCloud accounts that there has to be a way to disable it.
While I get that thieves might try to mug you, and demand you remove Find My iPhone and log out, working at a computer store in customer support, I would say that a vast number of our customers have no idea what their Apple ID password is. I wonder what happens to them when held at knife point?
Bad stuff, I fear. I am a little surprised that people can be completely ignorant of their Apple ID password since iOS and macOS ask for them fairly frequently. But maybe that’s just my usage patterns.
Unless they’re family members that depend on one certain other family member to always remember the password for them when they need it.
Indeed, though that’s a little like not being able to unlock your front door without help. I’m sure it happens, but it’s a recipe for trouble at some point in the future.
I have no idea what my Apple ID password is because it’s generated by 1Password and stored there on all devices. I do know my 1Password password, and I have touch ID set up so I don’t have to type it in, and a mugging to unlock that would be unfortunate to say the least. Is this a flaw in the use of a password manager?
But really, what are the chances of an outright robbery vs just loosing your phone somewhere?
“Unfortunately, Activation Lock’s major liability is simply human error: enough people lock themselves out of their iCloud accounts that there has to be a way to disable it.”
And a locked door’s major liability is that you left your keys inside and absentmindedly flipped the handle lock (or your spouse did!). That’s why people often have a spare key in an undisclosed external location.
Join the discussion in the TidBITS Discourse forum