MacDirectory Magazine

Charlie Adlard

MacDirectory magazine is the premiere creative lifestyle magazine for Apple enthusiasts featuring interviews, in-depth tech reviews, Apple news, insights, latest Apple patents, apps, market analysis, entertainment and more.

Issue link: https://digital.macdirectory.com/i/1176476

Contents of this Issue

Navigation

Page 24 of 131

been well-secured, which suggests that there's a bad privacy or security bleed happening somewhere in the system, whether it's from the iPhone itself or via the carrier networks. All smartphone manufacturers and the mobile carriers need to find out how the attackers are harvesting personal information from their victims with nothing but a locked stolen phone. Clearly they have found a route they can leverage to extract key pieces of information, likely through a multi-step process. A thief should not be able to extract the victim's contact information from a locked stolen device. -Marc Rogers There are also valid ways that a thief could obtain contact information from a locked iPhone. For example, there may have been uncleared notifications in Notification Center that could display any number of personal details, in addition to widgets on the Today screen, or even cards in Apple's Wallet app. Notably, a bug found in iOS 13 a few days before its public release allowed users to bypass the iPhone lock screen to view contact info, and while the issue was reported to Apple back in July, it wasn't patched until iOS 13.1 was released. Rogers doesn't specif y what version of iOS his son was running, other than that it was up to date, however in an article by Rogers on Dark Reading, he notes that the theft occurred on June 30, during the San Francisco Pride Parade, at which time the latest non- beta version of iOS was 12.3.1 (12.3.2 for the iPhone 8 Plus). The iOS 13 public betas available at that time, however, would likely have suffered from this particular vulnerability. What This Means For You While the idea that thieves can get into your stolen iPhone is concerning, it's still unclear from Rogers' story exactly how much information they could access, or even whether they obtained his son's contact info from the iPhone itself as opposed to using other means. Certainly, despite Rogers' note that the SIM card "had been killed," it's likely that the number was still stored on the card itself, plus if the phone remained out of data coverage, any "kill" instructions from the cellular carrier would not have reached the iPhone any way. Regardless, however, the same basic internet safety rules apply here when dealing with a stolen iPhone, and no matter how badly you want to be reunited with your device, it's important to treat any communications you receive with a healthy dose of skepticism. 1. Don't turn off Find My iPhone. Ever. Apple will never request that you do this for a lost or stolen iPhone, and there is absolutely no reason why anybody who has " found" your iPhone would need you to do this either. The minute you disable the feature, you've basically surrendered your iPhone to the thief. 2. Don't click on links sent to you. No matter how you receive a link, or how trustworthy or legit the email or message looks, just don't do it. If you need to log into Apple's Find My iPhone portal to check on the status of your lost iPhone, make sure you open a new browser page and go directly to the page by typing in the address. Better yet, use the Find My app on another iPhone or iPad if you have one available, even if it's from a friend or family member. 3. Set a strong alphanumeric password on your iPhone. One of the biggest hidden benefit s of Face ID and Touch ID is that you don't need to type in your password very of ten. This makes it much easier to use a complex alphanumeric passcode, rather than a four- or six- digit code that can more easily be compromised by hackers. Here's how to set one up. 4. Disable Notification Previews for Sensitive Apps. Even on a secured iPhone, Notification Center can be a treasure-trove of information, so it's a good idea to disable Notification Previews for apps that might show data that you wouldn't want anybody else — especially a thief — to see. Plus, if you're using a Face ID equipped iPhone, hiding your notification previews won't get in the way of seeing them yourself, as they'll automatically be unhidden as soon as it recognizes your face. See here for how to do this. 5. Disable Lock Screen Features. If you really want to make sure your iPhone is secure, you can lock down your lock screen even further, preventing access to the Today View, Notification Center, Control Center, Wallet, and more. Although this may make your iPhone a little less convenient to use, it significantly reduces the amount of information that would be available to a thief, and again with a Face ID equipped iPhone, it shouldn't be too cumbersome, as you'll only use most of these features when you're looking at your iPhone any way, in which case they'll still be available once your iPhone recognizes your face. Here's how to change these set tings. 6. Act fast. If your device is lost or stolen, don't delay — enable Lost Mode immediately and if you're concerned about your sensitive data, set it to remote wipe. It may not work, but you've got nothing to lose by trying, and even if it doesn't happen right away, Apple's servers will queue up the request and send it out as soon as your iPhone reappears. Lost Mode also silences all alerts from appearing on the device, improving privacy and security. It also immediately invalidates all of your Apple Pay and student ID cards — even if your device isn't online, and as secure as Apple Pay already is, this aspect alone is a very good reason to enable Lost Mode even if you think your iPhone has no chance of reappearing.

Articles in this issue

Archives of this issue

view archives of MacDirectory Magazine - Charlie Adlard