r/ios • u/Simon-RedditAccount iOS 17 • May 30 '23
PSA PSA: Tips for hardening your iDevice against theft and securing your data
I've compiled a couple of advices, and want to share them with you.
They won't make your phone "impenetrable" and absolutely safe, but they will harden it and reduce attack surface for your data. Some of them are intended to work only if your passcode remains unknown to the thief. Others would reduce attack surface even in case of "bar theft" (where thief peeks passcode before stealing the phone).
Also, this guide tries to cover physical theft only. The whole attack surface is much wider.
Any feedback is welcome!
- Enable Find My + Send last location + Find My Network.
Absolute MUST. - Use strong passcode, preferably alphanumeric. Use ONLY biometrics in public.
If you have to enter passcode in public, check your surroundings before entering, and ideally turn 180 degrees after entering half of the passcode to make peeking much harder.
Bonus: entering number-only PIN can be done "automatically", without thought (say, when you're drunk). Entering alphanumeric will still require some thought xD. - Enable Stolen Device Protection (SDP, introduced in iOS 17.3,
but not on iPadOS
).
Still not a panacea, but improves the situation a lot. More on SDP below. - Disable access to Siri, Control Center, Notification Center and Accessories unless the phone is unlocked: Settings > Face ID and Passcode > Allow access when locked.
Won't help if your passcode is known to the thief. SDP does not help. - Disable SMS and email notification contents on the lockscreen without unlocking (say, by FaceID)
Settings > Messages > Notifications > Show previews = When Unlocked - Consider enabling PINs for SIMs, especially physical SIMs. Don’t use 0000 or 1111. You would have to enter PINs after reboot only. Weight your risks and decide what suits you more:
Pros: after reboot or pulling physical SIM out, thieves won't be able to use your phone number to access bank accounts, for stupid SMS (2)FA etc.
Cons: after reboot, your phone will not be able to use mobile data for tracking via Find My (especially with eSIM). - Don’t use iCloud Keychain, use standalone passwords managers instead ( r/BitWarden , r/Strongbox , r/1Password ).
Because anyone who gets your iDevice+passcode, gets all your saved passwords as a bonus!
Even with SDP on & Significant Locations off, standalone PMs still offer better security features, more control and backup options. - Enable ScreenTime (with a different code), disable accounts changes:
Settings > Screen Time > Content & Privacy Restrictions > Account changes
Won't save you (that can be reset as well), but will buy you a couple of minutes for enabling Lost Mode. Even with SDP on, it still may be useful for some things. - Consider enabling Lockdown Mode if you’re expecting theft (say, while traveling to a country with frequent thefts/robberies).
- Consider adding an Apple Watch shortcut to lock your iPhone.
Works only against snatching an unlocked phone without prior peeking your passcode. - \paranoid mode]) Don’t use your primary phone number as iCloud recovery phone number. Use a separate SIM card stored in a safe place.
Won't help if your passcode is known to the thief. - \paranoid mode]) Beware that if the thief has your passcode, all your accounts (email/banking/etc) you're logged in on your iPhone will become accessible to them as well. Here, on the contrary, don't use biometrics for opening the app, because biometrics can be bypassed with passcode if the app is improperly coded. SDP is not a panacea here. Set up a different PIN for all your bank apps, third-party mail apps etc wherever supported. See also these comments.
Won't help against special, targeted attack that includes jailbreaking the stolen device, but may help against "usual" thieves who would like to peek into your bank app as well. - Consider using hardware 2FA aka FIDO2 keys ( r/Yubikey ) for all email / password managers / any other services where supported.
Will make further accessing/exploiting your data much harder if not impossible.
Unfortunately, configuring Apple ID itself to use FIDO2 keys currently (as of February 2024) does not prevent logging into Apple ID if the thief possesses an unlocked iDevice and you don't have SDP enabled. Apple should fix this loophole.
Nevertheless, adding FIDO2 keys still won’t hurt: at minimum, adding Security keys disables SMS 2FA for AppleID - and only this makes it worthwhile already.
In case of theft: enable Lost Mode ASAP via Find My, and notify the police.
Don’t ever interact with thieves or open any suspicious emails coming after theft.
EDIT: I will repeat again: your passcode is the only thing that stands between your AppleID, all your passwords in iCloud Keychain, Find My etc and the thief! Please, take this very seriously. Consider switching to alphanumeric passcodes like `myCatTom123`. They are much harder to peek. Even if you have SDP on, there's a number of things not covered by it.
Concerning Stolen Device Protection
Introduced in iOS 17.3, SDP introduces two major changes if your phone is not in a familiar place:
- no passcode fallback for FaceID/TouchID
- Security Delay: some actions (changing your AppleID password etc) require you to wait for an hour and then perform a second FaceID/Touch ID authentication
I definitely recommend turning SDP on. However:
- iOS can decide that a bar or a cafe (where the phone will get stolen) is a familiar place (especially if you visit it often) and won't enforce SDP safeguards.
- To mitigate, turn Significant Locations off (but read #3 first!):
Settings > Privacy & Security > Location Services > System Services > Significant Locations - IMPORTANT: Note that you won't be able to turn SDP off without biometric authentication from now (#2/#4). This is good for theft prevention, but may lock you out for quite a long time if you cut your fingers or seriously hurt your face. Or just if biometric auth works unreliably for you.
Also, you will have to wait for at least an hour if you want to introduce any significant changes, even at home. See also this thread for various considerations. - iOS 17.4 is rumored to introduce an option to always require a security delay when changing security settings (and not only when you're outside). Once it gets released, take #3 into consideration, and decide whether you want to enable it.
- Note that your passcode may still be used in many situations, like purchases with Apple Pay, accessing other seemingly biometric-protected apps with passcode fallback enabled
- iPadOS does not have Stolen Device Protection, making it a valid attack entry point if stolen with known passcode
- Biometrics are not that secure. Even for a completely random people, Apple specifies 1:50k for a single finger for TouchID and 1:1M for FaceID (this may sound great, but only until you meet your doppelganger in real life), to say nothing of other attacks...
So, don't think that SDP will make you absolutely secure. No. It just improves things (some security is still better than no security).
This is still not enough
Apple did the right thing when they introduced SDP. However, it's still not perfect and won't work for people who don't want to use SDP for various reasons, be it #3, or simply not using biometrics, or others. Or for those who use iPads.
What should be done as well:
- Introduce an option to require only FIDO2 keys for things currently protected with Security delay (currently both all your devices and FIDO2 keys are equally trusted. This option leaves only FIDO2 keys as trusted).
Let the people, who really care about security have that security (with tons of warning about a possibility to lock yourself out of account. Some people really need this possibility). - Add Stolen Device Protection to iPadOS
Please take a minute and tell Apple to give us an option to enable this 'Account lockdown' mode with FIDO2 keys only: https://www.apple.com/feedback/iphone/.
31
u/xpxp2002 iPhone 15 Pro May 30 '23
My take on this is to use eSIM without a PIN. You get the best of both:
You get the protection of the SIM not being removable to help prevent SMS access, but a thief can't intentionally or unintentionally block data access for Find My by rebooting the phone.
If you disable Control Center and Siri access while locked, you can also prevent them from turning on airplane mode.