How Hackers and Scammers Break into iCloud-Locked iPhones (vice.com)
137 points by walterbell on May 8, 2019 | 53 comments


It seems that most of these problems would be solved by a time delay, like on safes at gas stations. You can disable the "Find my iPhone" service, and it will show as disabled, but it will actually stop working 48h or 72h later, so that there is a time window in which to catch criminals.

As always, the important thing here is for criminals to know this: even if they force you to unlock the phone, they are not off the hook.


I think 48/72 hours is impractical. I would guess that the most common legitimate reasons for disabling Find my iPhone are either 1) to sell the phone or 2) to get it repaired by Apple.

Asking these people to wait two days before they can get their phone fixed or to sell it wouldn't be a nice user experience. Can you imagine the amount of pissed off people in the Apple store waiting to get their screen fixed only to be told to come back in 2 days?

1-2 hours would be the ideal candidate, I think, without being an inconvenience.

Another idea would be a 24-48 hour window to 'revoke' the disabling of the activation lock. Perhaps they can login to Apple ID website to reinstate activation lock remotely.


This is also the first thing I thought after reading it.


Wouldn't they just turn off the device for 72h?


The 72h window should notify the owner and allow them to go in and flag the device as stolen. Once the device is stolen, it should essentially brick itself as soon as it connects to a network and reaches Apple's servers. The device could only be unbricked by bringing it to an Apple store and showing ID to prove ownership.


In the paranoid scenario this turns the mugging into a hostage situation (unlikely, since that requires much more complicated logistics)...

Maybe Apple can also provide a duress password.


Clock pauses while phone is off.
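The delayed-disable idea floated across the comments above (the lock shows as off immediately but stays effective for a grace window, the owner is notified and can revoke or flag the device as stolen, and the clock only runs while the phone is online) is easier to reason about as a small state machine. The following is an added model written for this thread, not Apple's design or code; the 48-hour window, the `online`-only clock and the `flag_stolen` behaviour are all assumptions taken from the proposals above.

```python
from dataclasses import dataclass

GRACE_SECONDS = 48 * 3600   # assumed window; the thread floats 48h/72h or 1-2h


@dataclass
class ActivationLock:
    """Hypothetical delayed-disable activation lock (added model, not Apple's design)."""
    enabled: bool = True            # lock still binds the device
    pending_disable: bool = False   # disable requested, shown as off, not yet effective
    online_seconds: int = 0         # online time accrued since the request
    flagged_stolen: bool = False
    owner_notified: bool = False

    def request_disable(self) -> None:
        """Anyone holding the unlocked phone can ask to turn the lock off.
        The UI shows it as disabled at once, but the lock stays effective
        until GRACE_SECONDS of *online* time have elapsed."""
        if self.enabled and not self.flagged_stolen:
            self.pending_disable = True
            self.online_seconds = 0
            self.owner_notified = True   # out-of-band alert to the owner's other devices / e-mail

    def revoke_disable(self) -> None:
        """Owner cancels the pending disable, e.g. from the Apple ID website."""
        self.pending_disable = False
        self.online_seconds = 0

    def flag_stolen(self) -> None:
        """Owner marks the device stolen: the lock stays on and activation is refused."""
        self.flagged_stolen = True
        self.revoke_disable()

    def tick(self, seconds: int, online: bool) -> None:
        """Advance time. Only online time counts, so keeping the phone
        powered off for the length of the window does not run the clock out."""
        if not (self.pending_disable and online):
            return
        self.online_seconds += seconds
        if self.online_seconds >= GRACE_SECONDS:
            self.pending_disable = False
            self.enabled = False

    def shows_disabled(self) -> bool:
        """What the Settings screen would display."""
        return self.pending_disable or not self.enabled

    def can_activate(self) -> bool:
        """What the activation server would answer for a wiped device."""
        return not self.enabled and not self.flagged_stolen


def legitimate_sale() -> bool:
    """Seller disables the lock and leaves the phone on: lock drops after the window."""
    lock = ActivationLock()
    lock.request_disable()
    lock.tick(48 * 3600, online=True)
    return lock.can_activate()          # True


def thief_powers_off() -> bool:
    """Victim is forced to disable the lock; phone is then kept off for three days."""
    lock = ActivationLock()
    lock.request_disable()
    lock.tick(72 * 3600, online=False)  # offline time does not count
    lock.tick(3600, online=True)        # only one online hour accrued
    return lock.can_activate()          # False


def owner_revokes() -> bool:
    """Owner sees the notification inside the window and flags the device stolen."""
    lock = ActivationLock()
    lock.request_disable()
    lock.tick(10 * 3600, online=True)
    lock.flag_stolen()
    lock.tick(100 * 3600, online=True)
    return lock.can_activate()          # False


if __name__ == "__main__":
    print("legitimate sale activates:", legitimate_sale())
    print("thief who powers off activates:", thief_powers_off())
    print("owner revoked, device activates:", owner_revokes())
```

The point the model makes visible is that "shows as disabled" and "is disabled" are separate states, and that the window has to be measured in online time for the power-off trick mentioned above not to defeat it.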


Interestingly enough I was in Vietnam last week and had my iPhone XR snatched out of my hands by a guy on a motorbike. I locked it immediately from my partner's phone and noted that it had been immediately switched off. I figured it was surely gone forever and pretty much straight away went and bought a new iPhone.

When I was setting up my new phone I restored my latest backup from iCloud and upon doing so, my old stolen phone was no longer trackable since iCloud recognises the new one as being the old one.

Although I am far from an Apple fanboy, I feel that their phones are the least-bad choice at the moment but I am really starting to question that after this experience. Not very happy about that, Apple. I am interested to know if by doing that the phone is now unlocked, or what the deal is, but I can't, since it's no longer trackable.


Don’t think this is correct. My list of devices is littered with the old devices I restored backups from onto new devices. I have to do extra steps to wipe and remove a device to be able to be adopted by new homes.

That said, it is a pet peeve of mine that the new phone from old backup workflow doesn’t prompt for a new device name or to rename the old device. Reusing the name can be confusing if/when you still have both devices.


Yeah, I just checked my account and the phones that I didn't sell or send back to Apple are all still in my account, despite all being on the same backup chain.

I suspect that the user above fell victim to something similar to what was mentioned in the article and had the device removed from their account that way.


Adding a new phone does not remove the old one from your account. Something else happened there.


It's probably no longer trackable not because you added a new phone to the account, but instead because the thief just used one of these tricks to remove your old phone.


Vietnam is a popular destination for stolen laptops. Stolen devices registered with Apple MDM show up all over the world, but there is a disproportionate number of devices in Vietnam.


> Interestingly enough I was in Vietnam last week and had my iPhone XR [...]

That's not interesting IMO, that's asking for trouble. You go with a device worth 1000 USD or so to a poor country. You use the device on the streets. You're basically putting a bullseye on yourself saying "rob me!" Get a dumbphone/tourist phone instead.


Brian Krebs wrote two posts on the Phishing part.

https://krebsonsecurity.com/2017/02/iphone-robbers-try-to-ip...

https://krebsonsecurity.com/2017/03/if-your-iphone-is-stolen...

Personally, I lost my iPhone 3 yrs ago; since then I have got many phishing emails, which lead to an Apple-like website. I always type something like "betterlucknexttime" for the password, just for fun.


I'm always tempted to answer clear phishing or scam e-mails telling the sender to FO, or follow the link to the predictably broken website for a laugh, but then I think that it makes more sense to just move the email to the spam folder and move on.

Why give further information to the scammer, even if it's just my IP address?


Had my iPhone pickpocketed in Indio, CA and was relentlessly texted iCloud-looking links. I spent the time to report a few of the fake iCloud websites to their hosting provider, Hetzner. They took them down and that made me feel slightly better. The phone did eventually call home; GPS said it was in China.


My wife's got swiped in Rome. Thanks to Find My iPhone we were able to watch it end up in North Africa.


My spiteful side sorely wishes for a remote-meltdown feature that shorts the battery or otherwise catastrophically destroys the phone.


To make it "new" or virgin they need to replace the CPU and the baseband. I'm not sure how they manage the secure enclave problem, as the Touch ID is tied to the CPU.


Yeah, this is wrong. You would need to replace the CPU, both EEPROMs, and the baseband CPU, along with reprogramming the NAND with the matching serial and MAC address from the clean components. It's not feasible. Now for an iPad, that's another story. I've done hundreds of unlocks for them, since they either don't have an IMEI or can easily be converted to Wi-Fi only; then you only need to remove the NAND and reprogram it with clean activation data that can easily and cheaply be found online from old retired iPads that are no longer in use. Sometimes you have to replace the Wi-Fi modules, as the drivers are different between Wi-Fi-only and cellular versions.


The article linked to a 34 minute YouTube video which demonstrated one unlock method: they replaced a locked iPhone's CPU, baseband CPU, baseband EPROM, NAND Flash (reprogrammed), and touch ID sensor with ones from a donor iPhone and were able to restore iOS.


Except it's cheaper to just fix a donor iPhone that already has all the listed components working.


Labour is cheap in Vietnam...


But the parts aren't. It simply does not make sense to go that route.


The parts are if you buy water damaged devices.

Water tends to kill the PCB (due to corrosion), but all the individual chips will usually survive.


If you have a developer iPhone, there is no secure enclave?

https://www.vice.com/en_us/article/gyakgw/the-prototype-dev-...


Dev iPhones have an SE, the fundamental silicon is the same.


Apple should have an under-duress alternative iCloud password which behaves identically to the real password, but with all the changes totally reversible using the real password, as well as silently alerting the authorities with location tracking etc.


So basically; don't get mugged, don't click on weird links. Got it.


Oh, I see. I'll just yell "No one can mug me without my consent! It's illegal!"


TL;DR: The article says many people are being mugged to give away their iPhone at gunpoint and then scammers somehow reset the device for resale. They describe 3 techniques to reset the device: (1) phish the victim, (2) fool an Apple Store manager, (3) reprogram the CPU. I don't see how any of these would be effective. I would guess a mugger would simply ask for the password and do it himself. The article needs technical review.


Well, if it is organized crime I could imagine they could use some sort of coercion on the store manager. Or, better yet, they could simply bribe a store manager. But if there is a manager with the power to unlock, then he is the weak point.


Walking into an Apple Store and threatening the manager is a quick way to end up in prison for a long time. The stores are under heavy surveillance. Don’t let the lack of guards fool you, they know who is doing what with loads of face tracking.


Org crime would never walk into a place and start making threats; they would approach the manager through somebody they both know in the community who makes the bribe offer: 'just produce fake receipts, unlock the phone and pocket $100 each time'. These stores are all over the world; it's probably not impossible to convince the manager of a foreign Apple Store in a highly corrupt country, making peanuts, to reset iCloud logins on stolen US phones that have been shipped over.


And if they did not take the bribe, then the next step would be coercion, and again it would happen outside of the store. But my bet is there are plenty of people out there willing to take the bribe for whatever reason. I think they get about $65,000 USD salary on average according to Glassdoor. Plenty of room to take offers for a better lifestyle.


I have a question, if you remotely wipe your iPhone is it usable at that point, or bricked?

If usable, couldn't a thief just steal your iPhone and wait for you to wipe it?


Not really. The next time you try to activate it, the activation servers will recognize it as being attached to an iCloud account and ask for your iCloud password.

This is why resellers want it removed from iCloud and will visually confirm it. You can get halfway through the setup process before realizing it’s still locked to another account.

We learned the hard way, once, when returning a company phone.


If it's wiped it has to be activated, which requires logging in on iCloud.


When unlocked can they access the data?


What do you mean by access the data?

Activation lock affects the ability for the phone to be set up (i.e. activated).

Actual data on the phone is encrypted with a set of keys that are themselves protected by the SEP, which checks the passcode, does the timer enforcement, increments counters, etc.

The moment the device is reset/wiped the keys are gone forever and the data cannot be recovered (even if you took it apart and read the flash directly).
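The key hierarchy described in the comment above (file data encrypted under keys that are only reachable through a passcode check inside the SEP, with an attempt counter, and a wipe that destroys the keys rather than the data) can be shown end to end with a toy model. The following is an added illustration written for this thread, not Apple's design or code: the stream cipher is a deliberately simple HMAC-SHA256 counter construction used only so the example runs on the standard library, the `ToySEP` class, its `MAX_ATTEMPTS` value and the "effaceable storage" dictionary are assumptions, and the passcode and file contents are constructed sample values.

```python
import hashlib
import hmac
import os

# Toy model of a passcode-protected key hierarchy with crypto-erase.
# Added illustration for this thread; not Apple's actual scheme or code.


def toy_keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher: HMAC-SHA256 in counter mode (illustration only)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def toy_seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, toy_keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def toy_open(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt. A wrong key is detected, not silently decrypted."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, toy_keystream(key, nonce, len(ct))))


class ToySEP:
    """Stand-in for the enclave: holds the device secret, checks the passcode,
    counts failures, and owns the only copy of the wrapped class key."""
    MAX_ATTEMPTS = 10   # assumed lockout threshold

    def __init__(self, passcode: str):
        self._uid = os.urandom(32)       # device-unique secret; never leaves the enclave
        self._salt = os.urandom(16)
        self._effaceable = {}            # stand-in for effaceable storage
        self.failed_attempts = 0
        self.wiped = False
        class_key = os.urandom(32)       # random; cannot be re-derived from the passcode
        self._effaceable["class_key"] = toy_seal(self._kek(passcode), class_key)

    def _kek(self, passcode: str) -> bytes:
        # Passcode entangled with the UID, so guessing must happen on this device.
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self._salt + self._uid, 10_000)

    def unlock(self, passcode: str) -> bytes:
        """Return the class key for a correct passcode; enforce the attempt counter."""
        if self.wiped:
            raise RuntimeError("no keys: device was wiped")
        if self.failed_attempts >= self.MAX_ATTEMPTS:
            raise RuntimeError("locked out")
        try:
            class_key = toy_open(self._kek(passcode), self._effaceable["class_key"])
        except ValueError:
            self.failed_attempts += 1
            raise PermissionError("wrong passcode")
        self.failed_attempts = 0
        return class_key

    def wipe(self) -> None:
        """Crypto-erase: discard the wrapped class key; the flash contents stay put."""
        self._effaceable.clear()
        self.wiped = True


def encrypt_file(class_key: bytes, data: bytes):
    """Per-file key wrapped under the class key; returns (wrapped_key, ciphertext)."""
    file_key = os.urandom(32)
    return toy_seal(class_key, file_key), toy_seal(file_key, data)


def decrypt_file(class_key: bytes, wrapped_file_key: bytes, blob: bytes) -> bytes:
    return toy_open(toy_open(class_key, wrapped_file_key), blob)


if __name__ == "__main__":
    sep = ToySEP("1234")                                   # constructed sample passcode
    wrapped, flash_blob = encrypt_file(sep.unlock("1234"), b"contacts.db")  # sample data
    print(decrypt_file(sep.unlock("1234"), wrapped, flash_blob))
    sep.wipe()
    try:
        sep.unlock("1234")
    except RuntimeError as e:
        print("after wipe, correct passcode:", e)   # flash_blob still exists but is unreadable
```

Reading the flash directly after the wipe yields `flash_blob` and `wrapped`, both of which are useless without the class key that `wipe()` discarded, which is what "the keys are gone forever" means in practice.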


Can they bypass MFA?


Yes. It’s called a knife.


Relevant XKCD: https://xkcd.com/538/


tl;dr mostly by beating it out of their victims and relying on people feeling bad about the plight of robbers.


It sounds like you didn't actually read the article tho.


I read it, and it's mostly wrong. The truth is in the first 2 paragraphs (muggings where they force you to disable activation lock), then they cover a bunch of rare cases.


He did, I believe. The question is, if I were a criminal and robbed someone at gunpoint for their iPhone, would it make any sense to not ask the victim about their iCloud password at the same time? I'd still be going down with armed robbery if caught, but if not caught I'd still be ahead either over $150 to pay for a corrupt Apple manager to unlock it or have the bad luck of being recorded on Apple security cameras while spoofing the Genius Bar employee with a fake invoice?

I don't care much about the repair industry; they can sell every part of a phone, both legit or stolen, except the display and the logic board. The display can't be resold anyway, as it will have been extensively scratched, and the logic board rarely breaks.


I legitimately don't know my iCloud password; it's in (and generated by) my password manager, so if my phone asks me for it, I need to go to my PC and open KeePass.

I'm a bit fucked if I get mugged!


That’s the best solution to the problem if you ask me. I wonder how would a thief react to that response tho.


I think it may be stretching it a bit, but do not rule out that “Asking” for a password and using it or forcing a user to use it could be seen as breaking into a computer system.

If so, this could lead to an additional sentence, for cybercrime.

As a robber, you probably also do not really want to spend time “negotiating” with your victim over their password, thus giving them more time to see your face, spot your accent, etc.


>If so, this could lead to an additional sentence, for cybercrime.

I think you're giving criminals too much credit here. Risking a few years in jail to get $200 when you can get that risk free working a minimum wage job means they either don't care about the punishment, or they don't think they're going to be caught.


But you haven't worked a minimum wage job. And that hasn't been the only option available to you.

