WoodFlor

Q: Disappointed with Apple

I've used Apple iPods and iPhones for many years.  I bought my wife a 1st Gen iTouch, my kids had 5th Gen iTouch's, and I've gone through iPhones from version 4 to version 6.  Three weeks ago my daughter's iPhone 6 was stolen while we were in San Francisco - she was crushed.  But I told her not to worry because we had locked it with iCloud Activation.  We went on the iCloud website and I showed her the status was set to On and we would most likely be getting the phone back.  I put it in Lost/Stolen mode that very day and it remained offline until yesterday.  At 4:30 PM EST I was sent a message stating it was online.  I quickly logged into Find My iPhone and it showed up under my daughter's account but showed as Offline.  I checked Activation Lock and it still said On.  Over the next hour, I tried numerous times to reach the phone with no luck and then it suddenly disappeared from my daughter's account.  When I went to the iCloud site and entered the serial number of the phone it then said Activation Lock was Off and that the device could now be activated by a new user.  I contacted Apple Support via telephone and they confirmed it had been tied to my daughter's account but now it was not - Apple claimed the only way that can happen is that they guessed her password and turned it off or they completely destroyed the phone.

 

I just don't understand how Apple can make a sweeping statement on their website that iCloud Activation Lock prevents anyone from using a phone that is stolen or found.  Please don't post any replies saying I'm an anti-Apple troll - I'll most likely be getting a 6s to replace the stolen product because I do like the products but I'd like Apple to improve this tool to the point where it actually delivers what is advertised.  My first suggestion to them is to force the user to enter the password before turning the device off - in this instance the criminal turned it off the second they stole it.  My other recommendation is to put some sort of emergency sim card on the board so it can communicate with any tower even if the main sim card is removed.  I honestly believe that if the criminal had to carry it around for a few hours with it still communicating its location then they will think much harder before grabbing it.

 

Has anyone else had an experience like this?  Or does anyone else have other recommendations to make this type of theft a thing of the past?

 

Thanks!

iPhone 6, iOS 9.3.2, Activation Lock

Posted on Jun 26, 2016 8:11 AM

Close

Q: Disappointed with Apple

  • All replies
  • Helpful answers

Page 1 Next
  • by Limnos,

    Limnos Limnos Jun 26, 2016 8:19 AM in response to WoodFlor
    Level 9 (53,951 points)
    Mac OS X
    Jun 26, 2016 8:19 AM in response to WoodFlor

    http://www.apple.com/feedback/ - Apple products feedback links

  • by Malignance,

    Malignance Malignance Jun 26, 2016 9:32 AM in response to WoodFlor
    Level 5 (4,470 points)
    iPhone
    Jun 26, 2016 9:32 AM in response to WoodFlor

    Hello WoodFlor,

     

    If I may I'd like to share a few security tips that I've found to be useful on my devices. The fist line of defense is a strong passcode. Settings > Touch ID & Passcode > Use 6 digit passcode. Next go Settings > General > Restrictions > Enable Restrictions > Use a code that is different then the lock screen. Please don't forget this passcode. Scroll all the way down to <ALLOW CHANGES> > Accounts > Don't Allow Changes. You will find that this greys out your iCloud settings so that anyone that wants to shut off Find My iPhone must first go through the restrictions. It goes without saying but I'm going to say it. Avoid using consecutive numbers (e.g. 123456) or multiples of the same number (e.g. 999999). Now let's play out the scenario, bad guy gets ahold of the phone, first they have to get past the unlock screen passcode, then they think turn off Find My iPhone where they are met by greyed out iCloud settings. If they're smart enough to figure out restrictions are on they have to crack that passcode as well. Finally if by some miracle they crack both the lock screen and restriction passcodes they have to then crack the Apple ID passcode to shut off Find My iPhone. I understand that none of this will help you to get the stolen iPhone back, moving into the future these setting should make it significantly harder for anything like this to happen again.

     

    Best regards,

     

    Mal

  • by KiltedTim,

    KiltedTim KiltedTim Jun 26, 2016 9:41 AM in response to WoodFlor
    Level 9 (55,537 points)
    Mac OS X
    Jun 26, 2016 9:41 AM in response to WoodFlor

    The message you got was most likely a phishing message sent by whoever found the phone. I'm assuming you followed the link in the message and provided the thief with the credentials for the iCloud account the phone was locked with, allowing them to remove the activation lock.

  • by Michael Black,

    Michael Black Michael Black Jun 26, 2016 9:49 AM in response to WoodFlor
    Level 7 (24,457 points)
    Jun 26, 2016 9:49 AM in response to WoodFlor

    WoodFlor wrote:

     

    My other recommendation is to put some sort of emergency sim card on the board so it can communicate with any tower even if the main sim card is removed.

     

    Has anyone else had an experience like this?  Or does anyone else have other recommendations to make this type of theft a thing of the past?

     

    Thanks!

    This idea is literally not possible for Apple to implement.  The carriers controls which devices can or cannot connect to their networks, not Apple.  Apple can stick any SIM card in there they like, but it would be entirely up to the carriers to actually allow that SIM to connect to their networks.

     

    Honestly, find my iPhone and iCloud are only as secure as you make them.  If you use a truly complex passcode and never share it with anyone, and enable and 2-step verification, it will be near impossible for anyone to disable find my iPhone as they cannot crack your iCloud account to do so.  But if you use a simple or easily guessed passcode, or share it with friends and such, then all bets on security are off.

     

    Its also important to note that while find my iPhone and activation lock are both linked to your iCloud account and login ID, the former is really nothing more than a convenience feature to find a lost device, while only the latter is actually intended as an anti-theft device.  They really are two distinct services, with quite different intentions and capabilities.

     

    I'd also add to Malignance's suggestions to go even beyond a 6-digit screen lock passcode.  Since 99% of the time, you're using your fingerprint to unlock the device, go ahead and enable a truly strong passphrase and not merely a numeric PIN (and do NOT use the same passphrase as you use for your AppleID and iCloud login).

     

    P.S. a complex passphrase in my mind always means at least 8-12 characters, at least one numeric and one "special" character (e.g. $ & # ! ? * ) and at least one change of case.  While it can be based on a sentence or phrase, it is never based solely on a single word that could be found in any dictionary.

  • by WoodFlor,

    WoodFlor WoodFlor Jun 26, 2016 12:47 PM in response to Malignance
    Level 1 (4 points)
    iPhone
    Jun 26, 2016 12:47 PM in response to Malignance

    I'm fairly certain there is no way the thief even got passed the screenlock passcode since it was not of the 4-digit numeric kind and my daughter used her fingerprint anyway.  I honestly believe these thieves have a tool that basically bypassed all of the security which I'm sure everyone will tell me is impossible.

  • by WoodFlor,

    WoodFlor WoodFlor Jun 26, 2016 12:51 PM in response to WoodFlor
    Level 1 (4 points)
    iPhone
    Jun 26, 2016 12:51 PM in response to WoodFlor

    In response to KiltedTim, the text messages came from apple.icloud.com.iphone.appleid.????@apple-apple.pw and directed me to apple.find-app-us.com which seems to point back to the main iCloud site - is that not the case?

  • by Michael Black,

    Michael Black Michael Black Jun 26, 2016 1:02 PM in response to WoodFlor
    Level 7 (24,457 points)
    Jun 26, 2016 1:02 PM in response to WoodFlor

    Sorry, but certainly not legit.  The .pw is the country suffix for Palau which is a tiny little Pacific island nation (a groups of islands of total area less than 500 sq. miles and where Apple has no corporate presence and which is known as a popular place for scammers and bogus internet hosts to operate from).

     

    Also note that nobody needs the device's screen lock access code to disable activation lock.  All they need to do is hack your iCloud account and they can disable it from a web browser if they have access to your iCloud account.

  • by WoodFlor,

    WoodFlor WoodFlor Jun 26, 2016 1:05 PM in response to Michael Black
    Level 1 (4 points)
    iPhone
    Jun 26, 2016 1:05 PM in response to Michael Black

    Looks like I was played yet again then - just out of curiosity, whenever I login to my Outlook from a new computer it says it doesn't recognize me and ask for a second verification - why wouldn't Apple have the same feature on the iCloud site so some stranger can't just login from their computer even though they have proper credentials?

  • by Michael Black,

    Michael Black Michael Black Jun 26, 2016 1:42 PM in response to WoodFlor
    Level 7 (24,457 points)
    Jun 26, 2016 1:42 PM in response to WoodFlor

    Apple does have a 2-step verification system for AppleID's if you chose to use it - Frequently asked questions about two-step verification for Apple ID - Apple Support  Two step verification replaces the system of security questions otherwise used to help protect your AppleID.

     

    And if you have more than one iOS device running iOS 9 or higher or also an OS X device running 10.11 or higher, there is also 2 factor authentication built in - see Two-factor authentication for Apple ID - Apple Support

     

    P.S. while it is sometimes a little confusing to people, these are two separate security systems.

  • by KiltedTim,

    KiltedTim KiltedTim Jun 26, 2016 1:44 PM in response to WoodFlor
    Level 9 (55,537 points)
    Mac OS X
    Jun 26, 2016 1:44 PM in response to WoodFlor

    Sorry. You got scammed. They were able to remove the activation lock because you gave them the credentials to the account. You need to immediately change the password for that account if you haven't done so and inform your bank that whatever bank card you had linked to it may have been compromised. If you're lucky, the scammer didn't already change the email address associated with it and/or the security questions. Any data that was stored in iCloud, including the contents of any notes and any apps that sync data to iCloud must be considered compromised at this point.

  • by Michael Black,

    Michael Black Michael Black Jun 26, 2016 1:52 PM in response to WoodFlor
    Level 7 (24,457 points)
    Jun 26, 2016 1:52 PM in response to WoodFlor

    Even if they hacked your daughters iCloud account and disabled activation lock, they will have to get past the iPhone's screen lock passcode independently to get at any of her content.  Disabling activation lock would allow them to restore the iPhone as use it, but that very process will wipe your daughters data and everything from the phone.  So her personal information and data should be safe regardless, assuming you have since reset her iCloud account so the their no longer has any access.

     

    Sync'd data like contacts, email and notes should be considered compromised, but as long as you have changed the passcode since the theft, they cannot get back in. If you have concerns or issues getting back into the iCloud account, then contact Apple by telephone and get them to help you lock it down or regain access.

  • by WoodFlor,

    WoodFlor WoodFlor Jun 26, 2016 1:58 PM in response to Michael Black
    Level 1 (4 points)
    iPhone
    Jun 26, 2016 1:58 PM in response to Michael Black

    Fortunately, this was my daughter's iPhone and her credentials - no bank information on her device and no credit card's tied to her Apple ID.  So here is my next question, if someone puts their content on the phone, they can only use this thing as a glorified iPod right?  They can't actually connect it to a carrier using the Serial # on it if I have reported it stolen to my carrier right?

  • by KiltedTim,

    KiltedTim KiltedTim Jun 26, 2016 2:03 PM in response to WoodFlor
    Level 9 (55,537 points)
    Mac OS X
    Jun 26, 2016 2:03 PM in response to WoodFlor

    Not necessarily. It depends on whether your carrier decides to put it on the blacklist. Never mind the fact that blacklists are not universal. They could easily sell it off and ship it out of the country, at which point the US blacklist is meaningless. Either way, it's gone. You'll never see it again. Check your homeowners or renters insurance policy to see if it might be covered.

  • by Michael Black,

    Michael Black Michael Black Jun 26, 2016 2:09 PM in response to WoodFlor
    Level 7 (24,457 points)
    Jun 26, 2016 2:09 PM in response to WoodFlor

    As KiltedTim mentioned, unfortunately there is no globally universal carrier blacklist.  In the USA there is a USA-universal blacklist system, and it is also shared now by most or all carriers in Canada and Mexico, so definitely worth reporting to your carrier.  But if it gets sold overseas on the internet, it may still be able to be used on some foreign carrier's network.

Page 1 Next