Text Conversations with an iPhone Thief

Journalist Veronica de Souza published an article this week in Gothamist (part of WNYC) describing her refusal to remove a stolen phone from her Apple iCloud account, which permanently bricks the phone to anyone ever trying to wipe and re-use it. The attempts by thieves, hackers, and re-sellers to get her to clear the account resulted in a hilarious series of escalating threats.
The only downside appears to be that the new “owners” could see all her messages and photos (but I thought that’s what “wiping” the phone was supposed to take care of).
Comments? Here’s a link to the article.

I saw that article as well. I also saw a different post on Reddit that shows a Catch-22 to keeping the stolen device in the list: a person who lost an iPhone so long ago that the iOS version that the iPhone is on is preventing him from switching his iCloud account to Advanced Data Protection because all iPhones must be at iOS 16.2 or later.

I think the only three solutions to this are to not use ADP, to remove the old device from your list of devices, allowing it to be reset by whoever now has it, or to switch to a new Apple ID. The latter is probably what I would do, which I think would also allow removing all photos from the old Apple ID (after copying to the new one), and messages, and iCloud Keychain, etc. That’s a lot harder if the Apple ID is an active iCloud, MobileMe, or dotMac email address, though.

Great article. Thanks.

I hope de Souza has archived all these texts and sent them to law enforcement (New York, FBI and possibly others). They may not help her recover her iPhone, but when combined with reports from others, they may help arrest some of the people responsible.

I struck the second part of my reply because apparently you can remove a device from iCloud device list while keeping it in Find My.

I don’t think they had her passcode and it seems like she remotely erased it, so I don’t think the above is a problem.

Oh, you’re right! They were of course lying about seeing her messages and photos!

How did they get in touch with her through iMessage? I do not recall the lock screen of a remotely erased device showing the email associated with the AppleID the device is locked to.

According to the author in the comments after her article:

when trying to reset my phone they are prompted to enter my iCloud password. My iCloud email is also one of the ways to reach me via iMessage. So they used that to contact me

(the article specifically notes that she erased the phone remotely and that they didn’t have her passcode, FYI)

FWIW, also, when you mark a device as lost you can also display a phone number on the lock screen. Also I believe the email address of the Apple ID is obfuscated when you try to activate the device - see the example here.

See, that’s what I find confusing here. On one hand we have Apple saying email is obfuscated when prompting to unlock. And they show a screenshot which backs that up. But then it appears it’s being reported here that the thieves “are prompted to enter my iCloud password. My iCloud email is also one of the ways to reach me via iMessage.”

So is that email not obfuscated after all? Or is it that they initially, before locking the device, displayed their personal information (perhaps hoping they just lost it and an honest finder would return it) and that’s how the thieves got ahold of contact details? If they after that then locked the device the email would be obfuscated, but the thieves would then already have the contact details they needed to harass the victim.

An off-topic digression.

How can I tell what method the sender used to get a message to me? Is there some indication of what phone number or email address that is associated with my account the sender used?

You can find the sender’s address by tapping the icon at the top of the message’s screen. Then tap the “Info” button to get a contact card from the sender (which will be dynamically created on the fly if you don’t already have one). On that card, you’ll see phone numbers and e-mail addresses - there will only be one if you don’t already have a contact. If you do already have a contact, the one used to send the message will have a “RECENT” tag next to it.

As for how it came to you, that’s harder to tell because Apple doesn’t show you if a message arrives via your mobile carrier (SMS/EMS) or iMessage.

One easy way is if you have a non-phone device (e.g. a Mac, iPad or iPod) logged in to your iMessage account. If that device also received the message (and you don’t Continuity enabled between your devices), then you know it came via iMessage. And that’s great, because it means the sender has an Apple ID. Law enforcement should be able to get a warrant for information about the owner of that ID.

If it didn’t arrive on a non-cellular device, then it’s probably SMS/EMS, and therefore arrived via the cell phone network. Law enforcement get get a warrant to contact the wireless carriers to try and identify the source, but numbers are easily forged, so it might not get them very far.

As far as I know, there is no easy way to tell. If it is iMessage, Settings / Messages / Send & Receive - whichever phone number(s) and email address(es) that you have listed there are any way that you can be contacted. You can’t tell which one was used, but it doesn’t really matter - the other person is using iMessage as well and could use any of those methods the same way. Since all of those addresses/phone numbers are associated with your iMessage account, it will just be sent to the iMessage account.

If it is an SMS or MMS message, they are using your phone number*.

I almost always send to people using either a phone number or directly from their contact card and the Messages app just tells me that it will be iMessage
if the user’s name is blue or SMS (to their phone number from my phone number) if the name is green.

The Messages app does not tell you directly how an individual message was sent to you. But for the most part a message thread is either all iMessage or all SMS/MMS, and if you start typing a reply and see a blue arrow to send, then there probably sent you the message using iMessage. If you see a green arrow, they probably sent you the message using SMS (or MMS for groups.)

• • the one exception is that many carriers have an email gateway so they can send to your phone number using however the carrier supports that (for Verizon it was send an email to phonenumber at vzwtext dot com). For a long time it was the most common form of SMS spam that I got, but IIRC Verizon finally allowed people to disable the email gateway for their account and I believe that I turned it off.

If the recipient is an iMessage user but is not connected at the time, your phone will try iMessage, and will fail to send it, falling back to SMS.

I used to encounter this a lot when communicating with my daughter, because we had a metered data plan at the time and she’d keep her cellular data disabled most of the time. So content to/from her would be iMessage when she was on Wi-Fi, and SMS when away from a Wi-fi connection.

Right, but then any reply back from you would be iMessage if possible. It’s always going to try iMessage unless it can’t.

Plus you need to turn on the setting in Settings / Messages / Send as SMS for that to happen at all, and I believe that is a non-default setting - in my list of things to do when I set up a phone from scratch, I have a step to turn that setting on. (Though it’s been a while since I set up a phone from scratch - about a year now.)

I am slightly shifting the topic of this talk.

In his article Adam wrote

“Should you suffer an iPhone theft, immediately mark the iPhone as lost and wipe it remotely, but do not remove it from Find My.”

I followed the links to the respective Apple Support Documents which advice you to sign in to Find Devices - Apple iCloud to be able to mark your phone as lost and to wipe it remotely, or alternatively to get help from a family member to do so.

I see some practical problems in Apple’s advice:

– you need a device to access Find Devices - Apple iCloud which can be difficult or even impossible in some situations
– even if you can access Find Devices - Apple iCloud via some device you need to recall the details of your Apple ID; mine are in 1Password to which I do not have access when I am without my iPhone and far from my MacBook
– to make use of Family Sharing you need to be able to contact your family which could be difficult without your phone

How would you solve these problems?

Everyone in the world these days has a device with them with a web browser that can access the internet - you need to find someone who will allow you to borrow theirs as soon as possible.

I know that it’s often preached that every password should be random and impossible to memorize, but I think your Apple ID password should be one that you memorize. 1Password has the ability to generated a memorable password. (I know both mine and my wife’s). If you just can’t do so, then have it written down somewhere safe at home and perhaps inside each of your bags when you travel so you can find it in your hotel room, etc. [edit: not labeled or anything: just the password on a piece of paper that you can use to login if you ever need to. You’ll know what it is; you wouldn’t have to write “my Apple ID password is…”.]

Because of the need for this for marking a lost device, logging in to your Apple ID for find my is the one exception to requiring a two factor trusted device approval process when logging in to your Apple ID on a device for the first time.

I think there are a handful of passwords you need to physically remember: the password for your Mac and the password for 1Password are two that come to mind. In my opinion, your iCloud password should be one of those passwords because, like the other two I mentioned, it’s a key to so much more that you need to function.

Many years ago, I had a rather fun experience with a client’s stolen laptop on which we had LogMeIn installed. I could log into the computer and watch the thief use it to shop for car parts, look up an immigration attorney, and view Mexican porn (thankfully without sound). I’ve always wondered what the thief thought was going on when we occasionally wrestled over control of the mouse. Hard to remember now, but I think we recovered the computer by using its various IP address locations in Arizona and Mexico to link the theft to relatives of a Phoenix family whose house it briefly appeared in. IIRC a detective had to use a subpoena to get the physical address from the ISP.

At any rate, I felt like a genuine detective for a while.

It is important to understand that threatening to kill or harm someone is illegal and usually gets the person many years in jail. The police will want to know about that for sure. If the offender is in China, the FBI might be interested.

I hope I’m not hijacking this conversation, and at age 77 I’m not sure I’d have the courage to keep laughing if a subway thief perp told me “Miami” was about to slaughter my family (even if I WERE savvy enough to use Reddit). So I’ll start by making an observation and asking a question on topic.

Observation: Steve Jobs’s obsession with making communications devices as simple to use as a one-button toaster has not survived.

Question: Can the device the thief (or whomever now possessed the stolen phone) used to SEND messages to her be inferred in some way from the traffic itself?

And now, MY question: it used to be that my iMessages app faithfully colored my message traffic with iPhone owners the proper shade of blue. In the last six or seven months, however, conversations with people whom I KNOW are on iPhones and in places where they have Wi-Fi access often turn green with Apple-envy. Why and how is this happening? Do I have something wrong in my Messages settings? The people with whom this happens have iCloud email accounts with Apple-server addresses, and some contacts whose email accounts are hosted on non-Apple servers always keep their iMessage traffic blue.

Can you explain this inconsistency?

Thanks so much.

First of all, only messages that you send have a color, not messages sent to you.

Because apple’s messages app doesn’t tell you exactly how a message was sent, you can only infer from this that your phone lacked connectivity to iCloud when you tried to send and fell back to SMS; or that their phone was disconnected from iMessage when the message was sent to them long enough that the delivery was changed to SMS (I know that iMessage tries to deliver for a brief period of time before it falls back to SMS, but I don’t know the exact timing details); or that there is a bug in Messages that shows the wrong color sometimes.

The FBI is domestic law enforcement - prosecuting Federal cases (typically cases that cross state borders).

International crime is handled by intelligence agencies (for matters of national security) or by the State Department (in conjunction with foreign law enforcement agencies and/or Interpol) for other matters.

But saying that a random stranger in an unknown location, probably China, threatened you isn’t going to be enough to get the State Department interested. And even if they did, all they would do would be to ask China, who would just ignore them.

It’s not like we’re going to raid a random location in a foreign country for something like this.

The best you can hope for is that your report will go into a file along with reports from many other people. And if the perpetrator is ever identifies, they can arrest him the next time he comes to the US, using that file as evidence for the trial.

The FBI has quite an extensive international presence.

https://www.fbi.gov/about/leadership-and-structure/international-operations

(Still don’t know that they’d be interested, but…)

While it may technically be a crime to threaten someone with death or battery a threat alone is rarely taken seriously by law enforcement or prosecutors (at least in the USA).

I work in an ER and my staff and I are regularly verbally threatened, somewhat less regularly attacked, and there are no legal repercussions in my experience.

It’s not just a local pattern, either, my friends and colleagues who work in other ERs face the same.

So while ideally and technically MC’s statement may be true, and it may be true if you threaten someone with enough social status, for most of us it’s not.

Kevin

“As the texts escalated in complexity and rage, I sympathized with their plight. I mean, not enough to unlock my phone. But we’ve all been there – sometimes you get stuck with a difficult project at work.”

Haha!

I had the same issue here in the UK, I reported a few years ago – similar SMS mgs (though I never found out how they got my phone number to text me, as the device was locked and the nano-sim didn’t have my phone number on it?).

Reminds me of the ‘Anom’ FBI international operation:

…and the podcast recently heard about it:

A friend had his iPhone stolen when he went to see the carnival in Rio. The thieves contacted his family via emergency numbers and threatened them. Nothing happened apart from a lost phone, but what function was it exactly they might have used?

If you activate emergency call mode (which can obviously be done without unlocking), there’s a Medical ID slider. That displays any emergency contacts you’ve set up, including their phone numbers.

Thanks @jzw
Interesting, to put emergency contacts under some medical stuff is the last place that comes to my mind. I never use the Health app.

I set this up a while ago. I’m a man of a “certain age” who regularly runs on the road, so I want emergency responders and medical personnel to know how to reach my wife and kids if I’m found at the side of the road, I’m in a car accident, etc. It’s a trade off vs. them getting spammed if my phone is stolen, though, no doubt.

(I actually do have a low-tech Road ID that I wear most of the time when I’m running, but definitely not if I’m just on my street, or when I’m driving somewhere.)

I have a RoadID on my Apple Watch band and also one that hangs around my neck…the latter lives right next to my helmet and is on for all rides.

Upthread it was mentioned that contact information could have been shared in the original Find My “device lost” screen.

And yes, that’s true. If I were to report my iPhone lost using another device like my Watch, the first thing it wants to know is what contact information I might want to include on the screen.

I briefly left an iPad behind in a restaurant when Find My was in its infancy. I realized it about 10 minutes later, activated Find My iPad (Apple was still using full names for this feature at the time), locked the screen, and added my iPhone number to it. I also had it play a sound, then drove back to the restaurant.

They were waiting for me at the door. They weren’t upset, so much, but did remark on both how easy it was for them to contact me and what a loud sound the iPad had been making.

I wonder, these days, whether losing an iDevice that is being backed up on iCloud is worth going through the “Lost Device” phase, especially in the urban setting mentioned in the article. I think I’d be better off proceeding to wiping it remotely and keeping it bound to my account.

Would that also wipe out or cloak the Emergency ID info?

FWIW, on my Android phone (and my Macs), I have the login screen say “Property of … If found, please call (my number)”. I’d actually like it if I could do this with iOS, but I don’t think I can add custom text to the lock screen.

I realize that this will tell a thief how to contact me, but it also makes it possible for a good samaritan (or a lost-and-found department or law enforcement) to let me know that they have my phone, should I accidentally lose it.

It all depends on what you think is more important.

I keep a SIM pin on my iPhone. Works just as well for eSIM (that is what I have). I’m assuming that the SIM pin would prevent the iPhone from being used as anything other than an iPod providing that I haven’t removed it prior to theft or loss and that it isn’t guessed in 3 tries. Is that correct? Is that the extent to which the eSIM is effective? Thanks.

I have lost my wallet twice and got it back with nothing missing. This is an excellent idea.

My lock screen now is a photo that I took on my Olympus camera. I can add text to a copy of that Photo i Photoshop. I do not know if Photos on the mac can add text to Photos, but Preview can.

Drag the image out of Photos then open in Preview use Markup>Text. After saving, drag it into Photos again.

Good idea. Photos can do this directly, no need to involve Preview. Having said which, the shortest way is always the one you know.

Yes, I like to include an email address and phone number on my Macs’ login screens, too. I set this up using Onyx (Parameters > Login > Login Window > Show a message in the login window).

Those who are extremely security conscious may wish to set up a special email address and phone number (e.g., Google Voice) for this purpose, as long as you can access them without your Mac.

This may have been necessary in the past, but on recent releases of macOS (confirmed on my Sonoma installation, and I think it was in Big Sur), you can do it via system settings. Go to Lock Screen → Show message when locked:

Screenshot 2024-06-14 at 11.39.54827×551 99.9 KB

This is a little fancy, but I have a custom Lock Screen for my phone that’s just a pink background that says “This phone is lost. Please contact xxx”. And I have a custom focus called “Lock Screen” that I can set from another device (i.e, my Apple Watch) that will sync the focus to the phone. And I have an automation that runs on the phone that when the “Lock Screen” focus is set it changes the Lock Screen wallpaper to that custom image, locks the phone (if it is unlocked), turns on wifi and BT, turns off airplane mode, turns on low power mode, and turns on cellular data, hopefully before someone who finds it tries to turn off the radios, etc.

It’s an option on my installation of Big Sur.

Again, Big Sur: Security & Privacy → General → Show a message when the screen is locked.

But it doesn’t work (for me). I had forgotten about this feature, and went to set it after your post. (Thank you.) It was already set, be it has not appeared on my locked screen for a long time, if ever (which is why I had forgotten it).

How frustrating. If I remember correctly, Big Sur displayed the message in relatively small print immediately above (or maybe below) the row of icons representing users to log in as.

On Sonoma, it’s above the cluster of bubbles representing users:

IMG_20761920×1438 413 KB

The print is still too small, but it’s there.

For iOS, I found an article with several methods, but all involve either editing the wallpaper image or installing an app with a widget you can add.

Apple should create their own text-only widget so this can be done without third-party software.

I hate it when I make misleading statements. Let me try again. “I have not seen it on my locked screen for a long time.”

And that’s where it is. Well, it’s actually just above the two icons for Cancel and Switch User, but it’s that part of the screen.

My MBA is connected to an external display and is almost always closed. When I’m ready to unlock the screen (because I’m already logged in), I press a modifier key to alert the Mac that something is about to happen, then type my password. (My recollection is that I started this behavior because the Mac would ignore the first character or two of my password if I simply started typing.) Often I finish typing before the external display comes on, so I don’t see the locked screen.

There is a dumb workaround: bake the text into your lock screen image.

What temperature?

(I’ll see myself out)