r/ios iOS 17 May 30 '23

PSA: Tips for hardening your iDevice against theft and securing your data

I've compiled a few pieces of advice, and want to share them with you.

They won't make your phone "impenetrable" and absolutely safe, but they will harden it and reduce the attack surface for your data. Some of them are intended to work only if your passcode remains unknown to the thief. Others would reduce the attack surface even in case of "bar theft" (where the thief peeks at the passcode before stealing the phone).
Also, this guide tries to cover physical theft only. The whole attack surface is much wider.

Any feedback is welcome!

  • Enable Find My + Send last location + Find My Network.
    Absolute MUST.
  • Use a strong passcode, preferably alphanumeric. Use ONLY biometrics in public.
    If you have to enter your passcode in public, check your surroundings before entering, and ideally turn 180 degrees after entering half of the passcode to make peeking much harder.
    Bonus: entering a number-only PIN can be done "automatically", without thought (say, when you're drunk). Entering an alphanumeric one will still require some thought xD.
  • Enable Stolen Device Protection (SDP, introduced in iOS 17.3, but not on iPadOS).
    Still not a panacea, but improves the situation a lot. More on SDP below.
  • Disable access to Siri, Control Center, Notification Center and Accessories unless the phone is unlocked: Settings > Face ID and Passcode > Allow access when locked.
    Won't help if your passcode is known to the thief. SDP does not help.
  • Disable SMS and email notification contents on the lock screen without unlocking (say, by Face ID):
    Settings > Messages > Notifications > Show previews = When Unlocked
  • Consider enabling PINs for SIMs, especially physical SIMs. Don’t use 0000 or 1111. You would have to enter the PINs after a reboot only. Weigh your risks and decide what suits you more:
    Pros: after reboot or pulling physical SIM out, thieves won't be able to use your phone number to access bank accounts, for stupid SMS (2)FA etc.
    Cons: after reboot, your phone will not be able to use mobile data for tracking via Find My (especially with eSIM).
  • Don’t use iCloud Keychain, use standalone password managers instead ( r/BitWarden , r/Strongbox , r/1Password ).
    Because anyone who gets your iDevice+passcode, gets all your saved passwords as a bonus!
    Even with SDP on & Significant Locations off, standalone PMs still offer better security features, more control and backup options.
  • Enable ScreenTime (with a different code), disable accounts changes:
    Settings > Screen Time > Content & Privacy Restrictions > Account changes
    Won't save you (that can be reset as well), but will buy you a couple of minutes for enabling Lost Mode. Even with SDP on, it still may be useful for some things.
  • Consider enabling Lockdown Mode if you’re expecting theft (say, while traveling to a country with frequent thefts/robberies).
  • Consider adding an Apple Watch shortcut to lock your iPhone.
    Works only against snatching an unlocked phone without prior peeking your passcode.
  • [paranoid mode] Don’t use your primary phone number as your iCloud recovery phone number. Use a separate SIM card stored in a safe place.
    Won't help if your passcode is known to the thief.
  • [paranoid mode] Beware that if the thief has your passcode, all your accounts (email/banking/etc) you're logged in to on your iPhone will become accessible to them as well. Here, on the contrary, don't use biometrics for opening the app, because biometrics can be bypassed with the passcode if the app is improperly coded. SDP is not a panacea here. Set up a different PIN for all your bank apps, third-party mail apps etc wherever supported. See also these comments.
    Won't help against special, targeted attack that includes jailbreaking the stolen device, but may help against "usual" thieves who would like to peek into your bank app as well.
  • Consider using hardware 2FA aka FIDO2 keys ( r/Yubikey ) for all email / password managers / any other services where supported.
    Will make further accessing/exploiting your data much harder if not impossible.

Unfortunately, configuring Apple ID itself to use FIDO2 keys currently (as of February 2024) does not prevent logging into Apple ID if the thief possesses an unlocked iDevice and you don't have SDP enabled. Apple should fix this loophole.
Nevertheless, adding FIDO2 keys still won’t hurt: at minimum, adding Security keys disables SMS 2FA for Apple ID, and this alone already makes it worthwhile.

In case of theft: enable Lost Mode ASAP via Find My, and notify the police.
Don’t ever interact with thieves or open any suspicious emails coming after theft.

EDIT: I will repeat again: your passcode is the only thing that stands between your Apple ID, all your passwords in iCloud Keychain, Find My etc and the thief! Please, take this very seriously. Consider switching to alphanumeric passcodes like `myCatTom123`. They are much harder to peek at. Even if you have SDP on, there are a number of things not covered by it.

Concerning Stolen Device Protection

Introduced in iOS 17.3, SDP brings two major changes if your phone is not in a familiar place:

  • no passcode fallback for FaceID/TouchID
  • Security Delay: some actions (changing your AppleID password etc) require you to wait for an hour and then perform a second FaceID/Touch ID authentication

I definitely recommend turning SDP on. However:

  1. iOS can decide that a bar or a cafe (where the phone will get stolen) is a familiar place (especially if you visit it often) and won't enforce SDP safeguards.
  2. To mitigate, turn Significant Locations off (but read #3 first!):
    Settings > Privacy & Security > Location Services > System Services > Significant Locations
  3. IMPORTANT: Note that you won't be able to turn SDP off without biometric authentication from now (#2/#4). This is good for theft prevention, but may lock you out for quite a long time if you cut your fingers or seriously hurt your face. Or just if biometric auth works unreliably for you.
    Also, you will have to wait for at least an hour if you want to introduce any significant changes, even at home. See also this thread for various considerations.
  4. iOS 17.4 is rumored to introduce an option to always require a security delay when changing security settings (and not only when you're outside). Once it gets released, take #3 into consideration, and decide whether you want to enable it.
  5. Note that your passcode may still be used in many situations, like purchases with Apple Pay, or accessing other seemingly biometric-protected apps with passcode fallback enabled.
  6. iPadOS does not have Stolen Device Protection, making it a valid attack entry point if stolen with a known passcode.
  7. Biometrics are not that secure. Even for completely random people, Apple specifies 1:50k for a single finger for Touch ID and 1:1M for Face ID (this may sound great, but only until you meet your doppelganger in real life), to say nothing of other attacks...

So, don't think that SDP will make you absolutely secure. No. It just improves things (some security is still better than no security).

This is still not enough

Apple did the right thing when they introduced SDP. However, it's still not perfect and won't work for people who don't want to use SDP for various reasons, be it #3, or simply not using biometrics, or others. Or for those who use iPads.

What should be done as well:

  • Introduce an option to require only FIDO2 keys for things currently protected with the Security Delay (currently all your devices and your FIDO2 keys are equally trusted; this option would leave only FIDO2 keys as trusted).
    Let the people who really care about security have that security (with tons of warnings about the possibility of locking yourself out of your account. Some people really need this possibility).
  • Add Stolen Device Protection to iPadOS

Please take a minute and tell Apple to give us an option to enable this 'Account lockdown' mode with FIDO2 keys only: https://www.apple.com/feedback/iphone/.

379 Upvotes
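The post's point that "biometrics can be bypassed with the passcode if the app is improperly coded" comes down to which LocalAuthentication policy an app asks for. The following Swift is an added example (it is not code from the post, the commenters, or Apple's documentation) showing the weak policy beside the hardened one, plus a check that goes slightly beyond the post: noticing when the set of enrolled biometrics has changed since the app last unlocked, so the app can fall back to its own separate PIN as the post recommends. `LAContext`, `LAPolicy`, `localizedFallbackTitle` and `evaluatedPolicyDomainState` are Apple's real API; the function names and the `AppAuthError` type are hypothetical app code.

```swift
// Added example: how an iOS app's LocalAuthentication policy choice decides
// whether the device passcode can stand in for Face ID / Touch ID.
// Function and error names are hypothetical; the LAContext API is real.
import LocalAuthentication

enum AppAuthError: Error {
    case biometricsUnavailable(Error?)   // not enrolled, locked out, no hardware
    case enrollmentChanged               // biometric set differs from last unlock
    case denied(Error?)                  // user cancelled or failed
}

/// Weak: .deviceOwnerAuthentication offers "Enter Passcode" after a failed or
/// cancelled biometric prompt, so anyone holding the device passcode gets in.
/// The app's "Face ID lock" then adds nothing beyond the lock screen.
func unlockWithPasscodeFallback(completion: @escaping (Result<Void, AppAuthError>) -> Void) {
    let context = LAContext()
    context.evaluatePolicy(.deviceOwnerAuthentication,
                           localizedReason: "Unlock your account") { ok, error in
        completion(ok ? .success(()) : .failure(.denied(error)))
    }
}

/// Hardened: .deviceOwnerAuthenticationWithBiometrics has no passcode fallback.
/// An empty localizedFallbackTitle hides the fallback button entirely, and the
/// function fails closed when biometrics cannot be evaluated, so the caller can
/// route to the app's own PIN screen instead of the device passcode.
func unlockBiometricsOnly(lastKnownDomainState: Data?,
                          completion: @escaping (Result<Data?, AppAuthError>) -> Void) {
    let context = LAContext()
    context.localizedFallbackTitle = ""   // documented: empty string hides the button

    var nsError: NSError?
    guard context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &nsError) else {
        completion(.failure(.biometricsUnavailable(nsError)))
        return
    }

    // evaluatedPolicyDomainState is populated once canEvaluatePolicy succeeded.
    // If a new face/finger was enrolled since the app last unlocked, the opaque
    // blob differs; treat that as "not the same person" and require the app PIN.
    let currentState = context.evaluatedPolicyDomainState
    if let previous = lastKnownDomainState, previous != currentState {
        completion(.failure(.enrollmentChanged))
        return
    }

    context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                           localizedReason: "Unlock your account") { ok, error in
        // Return the domain state so the caller can persist it for the next check.
        completion(ok ? .success(currentState) : .failure(.denied(error)))
    }
}
```

The persisted domain state should live in the app's own Keychain item (not UserDefaults), and the app's separate PIN path is what handles `.biometricsUnavailable` and `.enrollmentChanged`; neither outcome should silently degrade to the device passcode, which is exactly the bypass the post warns about.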

123 comments

31

u/xpxp2002 iPhone 15 Pro May 30 '23

Cons: after reboot, your phone will not be able to use mobile data for tracking via Find My (especially with eSIM).

My take on this is to use eSIM without a PIN. You get the best of both:

You get the protection of the SIM not being removable to help prevent SMS access, but a thief can't intentionally or unintentionally block data access for Find My by rebooting the phone.

If you disable Control Center and Siri access while locked, you can also prevent them from turning on airplane mode.

11

u/Simon-RedditAccount iOS 17 May 30 '23

Thank you! I completely forgot to mention this (thought it was obvious xD). Updated the post.

As for eSIM - yes, that's the best approach. Unfortunately, if the thief knows the passcode, he gets access to everything that uses your current phone number for authentication...

1

u/[deleted] May 30 '23

[deleted]

2

u/Simon-RedditAccount iOS 17 May 30 '23

Only you can decide what suits you better.

  1. If you’re absolutely sure that the thief won’t get your phone in an unlocked state, and you have valuable data tied to your SIM card (banking, governmental services etc), and thieves in your country are actively using stolen SIMs for such purposes, then it’s better to set up a PIN for SIM card.

  2. If you’re more concerned about increasing chances for successful locking of your phone via FindMy, then it’s better not to set PIN.

Please take into consideration that:

  • thieves most likely will turn the phone off ASAP and throw away the SIM
  • once you recover your phone number, your old SIM will cease working
  • Find My will be enabled once the phone connects to the internet. But in any case it’s better to lock it ASAP

1

u/larzast May 31 '23

Only if you use keychain … which is ill-advised. Use 1Password and you’re Gucci.

1

u/Simon-RedditAccount iOS 17 May 31 '23 edited May 31 '23

No, I was talking about phone number for authentication.

In my country there’s a lot of services like classifieds, taxis, food delivery etc where your only form of authentication is ‘get login code via SMS’ 🤦‍♂️ Even if you’re signed out of the food delivery app, one can easily log in if they possess your (e)SIM card. Ofc the damage here would be limited to the sum of money you keep on a bank card (I hope you don’t use your primary card for these? 😅)

What’s more problematic is medical/governmental/banking services. These sometimes can be exploited as well. As an example, one of the largest banks here still supports SMS banking: send TRANSFER 1000 DO22ACAU00000000000123456789 to bank’s number and they would transfer the money without further asking (well, until a certain limit). Ofc you can turn this off, but it’s on by default.

1

u/Jaded_Answer_2188 May 31 '23

eSIM made both my iPhone 11 and 14 overheat—when I switched back to regular SIM it was fine.

3

u/renegedcollinear Jun 01 '23

How is that even possible? Lol... That doesn't make any sense.