Several months ago, a surge in iPhone thefts was reported in big cities from Los Angeles to London and New York to Nairobi. Anecdotal evidence indicated a scary new scam: thieves would wait in crowded bars, restaurants, train stations, and nightclubs, watch users enter their passcodes, and then swipe the devices while logged in.
Many victims reported losing thousands of dollars from financial accounts within hours—along with irreplaceable photos, important files, login credentials, and other critical components of our digital identities. Law enforcement struggled to respond, targeting the leaders of iPhone theft rings while street-level crime continued to grow.
Now, Apple has rolled out an update to its iOS operating system with a new feature called Stolen Device Protection. This setting makes it more difficult for thieves to access key functions and settings, wipe phones for illicit resale, or reset Apple IDs. Law enforcement and cybersecurity experts urge users to turn on the new setting immediately.
Why is Stolen Device Protection so important?
A new setting included with the latest iOS, version 17.3, Stolen Device Protection is buried in your iPhone’s settings. But it addresses a high-profile vulnerability—stolen phones often lead to users being locked out of their Apple accounts, with iCloud backups deleted and bank accounts drained after passwords are stolen from the Keychain password manager.
Stolen Device Protection tracks a user’s “familiar locations,” such as their home or workplace, and constructs extra layers of security if someone tries to use the device to perform specific actions away from those places.
The new setting also reduces the importance of passcodes, which thieves can steal by peering over someone’s shoulder or threatening and forcing victims to hand them over, in favor of biometric features such as Face ID or Touch ID that are much more difficult to duplicate. Any request to erase an iPhone’s contents or reset system preferences to their original factory settings will also trigger Stolen Device Protection.
Why is Keychain a worry?
The new setting arrives at the right time—security experts have warned millions of Apple users about a new scam designed to extract sensitive personal and banking information from the Keychain feature.
A new phishing scam identified by Trend Micro delivers several fake iCloud alerts containing malicious links. These fake alerts include alarming copy like “Cloud Service Termination,” “Account Suspended,” “Upgrade Now or Lose Your Files,” and “Storage Alert.”
When the links included with those messages are clicked, unsuspecting users are redirected to a fake iCloud login page. Once they log in, scammers can instantly access a device’s Keychain passwords, putting credit card information and website login credentials at risk.
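A defender-side sketch of a mail-filter heuristic for the lures described above; this is an added example, not code from Trend Micro or Apple. It flags a message that uses one of the quoted alert phrases and links to a host outside a trusted list; the trusted-domain list and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Lure phrases quoted in the article (as reported by Trend Micro).
LURES = (
    "cloud service termination",
    "account suspended",
    "upgrade now or lose your files",
    "storage alert",
)

# Assumption: domains treated as genuine Apple sign-in hosts for this check.
TRUSTED = ("apple.com", "icloud.com")

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def is_trusted(host):
    """True only for a trusted domain or a real subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)


def untrusted_links(text):
    """Return the hosts of links that are not on a trusted domain."""
    hosts = []
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:  # malformed URL: treat as untrusted
            host = ""
        if not is_trusted(host):
            hosts.append(host)
    return hosts


def is_suspicious(subject, body):
    """Flag a message that pairs an article lure with an off-domain link."""
    text = (subject + " " + body).lower()
    has_lure = any(lure in text for lure in LURES)
    return has_lure and bool(untrusted_links(body))


# Constructed sample messages (not real phishing mail).
SAMPLES = [
    ("Storage Alert", "Sign in: https://icloud.com.login-check.example/verify"),
    ("Account Suspended", "Review at https://www.icloud.com/settings"),
    ("Lunch Friday?", "Menu: https://cafe.example/menu"),
]
```

The suffix match with a leading dot is what rejects lookalike hosts such as `icloud.com.login-check.example`, which a plain substring check would accept.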
What else does Stolen Device Protection do?
In addition to protecting Keychain passwords, the new Stolen Device Protection feature slows down hackers if they try to undertake a host of other actions on a stolen device located in an unfamiliar place. This includes accessing payment methods saved in Safari, turning off Lost Mode, applying for a new Apple Card, or using the iPhone to set up a new device.
If a thief tries to sign out of an Apple ID account, change an Apple ID password, or deactivate biometric login protocols, they’ll have to authenticate using Face ID or Touch ID, wait an hour, and then perform a second facial or fingerprint scan. This of course can lead to some headaches for average device users who lose their phone and find themselves temporarily locked out of their accounts. But law enforcement officials say the extra steps are worth it to prevent the massive financial losses and identity theft they previously struggled to contain.
As Apple said, “The security delay is designed to prevent a thief from performing critical operations so that you can mark your device as lost and make sure your Apple account is secure. When your iPhone is in a familiar location, these additional steps will not be required and you can use your device passcode like normal.”
How is Stolen Device Protection activated?
The feature does require a few steps. First, visit Settings > General > Software Update, download the latest iOS 17.3 update, and let the process finish on your iPhone. Then, open Settings and navigate to Face ID & Passcode or Touch ID & Passcode and enter your passcode. Scroll down and you’ll see Stolen Device Protection.
Depending on your iPhone model—it works with XS and newer models, including second- and third-generation SE models—you’ll need to tap or toggle to turn it on or off. Also, make sure you’ve first activated multi-factor authentication and Find My Device for your Apple ID account, or Stolen Device Protection won’t show up.
What else can be done to protect devices and digital identities?
CMIT Solutions recommends the following steps:
• Work with a trusted IT provider to enable automatic updates. Many users are hesitant to execute these kinds of complicated updates. Instead of being worried about irregular security patches and unreliable applications, a trusted IT partner like CMIT Solutions can provide an extra level of support by reviewing updates before they’re installed, providing extra training for employees when needed, and ensuring that patches roll out during off-hours when staff members won’t have their work disrupted.
• Consider other subscription-based applications. The Software-as-a-Service (SaaS) format has become more and more common, particularly with popular software suites like Microsoft Office and Adobe Creative Cloud. The benefits of this model are that critical apps like Outlook, Word, and PowerPoint are updated regularly via cloud-based connections. But there are drawbacks, too, such as when apps like Outlook are completely overhauled without the option to stick with a classic version. In the best-case scenario, this can confuse users who aren’t accustomed to change—and in the worst-case scenario, it can disrupt day-to-day operations.
• Be patient with less critical software updates. There’s a big difference between critical security patches that fix serious problems (like the one for Apple devices described above) and fun new software or hardware toys. Sometimes, rushing toward the latest and greatest app or device can lead to trouble for businesses. At CMIT Solutions, we recommend that our clients wait several months for anything classified as “nice to have” (like new operating systems or newly released devices). This gives tech companies time to work out the inevitable bugs and flaws that come with fancy but untested new tools.
• Keep other devices up-to-date. Wi-Fi routers, hard drives, printers, servers, and even thermostats are powered by software. Security patches and updates are equally important for these key parts of company infrastructure. With Internet traffic flowing to and from these pieces of hardware day in and day out, it’s just as important that you extend the same level of cybersecurity protection to them as you do to your laptops, desktops, and smartphones.
If this all sounds like a lot to handle, we’re here to help. A trusted business partner like CMIT Solutions can help you implement security updates while protecting important software and hardware. We take a proactive approach to these kinds of situations, addressing vulnerabilities and rolling out support quickly to minimize downtime and maintain uninterrupted operations.
We have 25 years of experience working with operating systems, software applications, and patch rollouts. We set up automated alerts that inform our IT staff of new vulnerabilities before they can be exploited by hackers, and we prepare for every possible cybersecurity contingency.
In addition to software updates and device management, CMIT Solutions provides proactive IT monitoring and maintenance solutions, automated data backup services, disaster recovery and business continuity planning, network security, and much more. Contact CMIT Solutions today to find out more about how we can help your business.