Apple is addressing a critical security vulnerability that has enabled iPhone thieves to hijack customer accounts, access passwords, and even steal money.
The tech giant is rolling out a new iOS setting, ‘Stolen Device Protection’, to iOS 17.3 beta testers, available now. This feature is designed to defend against the sophisticated attacks that have plagued iPhone users nationwide in the U.S.
The Wall Street Journal previously reported a series of thefts across cities like New York, Chicago, and New Orleans, where criminals observed and stole iPhone passcodes, leading to significant personal and financial losses for the victims. Apple’s new setting aims to mitigate these risks.
“We have heard from hundreds of people over the past year whose iPhones and digital lives were stolen,” the Journal reported, highlighting the widespread impact of these thefts.
Stolen Device Protection, slated for inclusion in a future software update, will introduce several security enhancements. For instance, changing the Apple ID password or enabling a recovery key will require two biometric scans an hour apart when the user is away from familiar locations like home or work. This measure is designed to prevent unauthorized access to critical settings and personal data.
“Testing is now available for Stolen Device Protection. This new feature adds an additional layer of security in the unlikely case that someone has stolen your phone and also obtained your passcode,” explains Apple’s screenshot detailing the feature.
🆕 Earlier this year, @joannastern and I reported on how thieves stole iPhones and their passcodes to devastating effect. Today, Apple announced Stolen Device Protection, a new iOS 17.3 beta feature that aims to protect against those crimes. Here’s how: https://t.co/zhPikafmEd
— nic nguyen (@nicnguyen) December 12, 2023
“Accessing your saved passwords requires Face ID to be sure it’s you,” says Apple. “Changing sensitive settings like your Apple ID password is protected by a security delay,” and “No delay is required when iPhone is at familiar locations such as home and work,” notes the feature’s description.
The new security feature also requires Face ID or Touch ID for accessing passwords in the iCloud Keychain, adding an extra layer of protection for sensitive information. However, Apple warns that the passcode alone can still unlock the phone, leaving unprotected apps and accounts vulnerable.
Apple advises users to create complex alphanumeric passcodes, add PINs to sensitive apps like cash and crypto platforms, and act swiftly to remotely wipe devices in case of theft. The company plans to prompt users to enable Stolen Device Protection in the upcoming iOS update, accessible under the Face ID & Passcode settings.
It’s good to see that Apple is coming up with a solution to address this security concern, even if it’s coming late. Sad to see some people get their lives upended by terrible thieves, however.
