I got very concerned this week after reading and trying it out myself that someone malicious can completely reset and hijack pretty much everything on your phone as well as iCloud account if they see you typing your passcode and then take your phone.

See this article:

https://www.wsj.com/articles/apple-iphone-security-theft-passcode-data-privacya-basic-iphone-feature-helps-criminals-steal-your-digital-life-cbf14b1a

non-paywall: https://archive.ph/5TjOQ

Is there anything to do to protect against this? Can this function be deactivated? As it is, I'm thinking of deleting financial apps from my phone that can initiate any kind of money transfer...

Comments

You must log in or register to comment.

XtremePhotoDesign t1_j9zfv79 wrote on February 25, 2023 at 6:23 PM

Use a separate password for financial apps that is not saved in iCloud Keychain.

Use Face ID or Touch ID.

If you have to enter a passcode in public to unlock your phone, look over your shoulder and hide what you enter.

Use a custom alphanumeric passcode to unlock you phone instead of a 4 or 6 digit PIN: https://support.apple.com/en-us/HT204060

TWYFAN97 t1_j9zi1w1 wrote on February 25, 2023 at 6:37 PM

Avoid entering your passcode in public if able. Use Face/Touch ID. Don’t let strangers use your phone or leave it lying around unattended. If you want to be even more secure you can use the password option to manually unlock the phone.

KafkaExploring t1_ja0hc7l wrote on February 25, 2023 at 10:40 PM

Think seriously about using iCloud. Any service that can be recovered using recovery questions is only as secure as the answers to those questions.

NYT published an article a couple years ago where a (white hat) hacker looked up the reporter's information (e.g. LinkedIn, high school graduation, ship to address in their public Amazon wish list, etc.), called the "I forgot my password" line, recovered their iCloud account, and remotely locked their Mac and iPhone during the interview.

That's not knocking Apple; I'd imagine there's a Google equivalent. As u/XtremePhotoDesign suggests, it's probably wise to not use the same credential trust for answering a text in a bar and for bank transfers.

kepler1 OP t1_ja0pwx7 wrote on February 25, 2023 at 11:43 PM

Well, thankfully at least on that front, iCloud lets you set the recovery key that removes the possibility of using recovery questions.

But it still leaves this other hole that people can drive through.

AutoModerator t1_j9zffgc wrote on February 25, 2023 at 6:20 PM

It looks like you might be looking for help or support. Basic questions may be removed, so please search the sub and check the Support FAQs before posting.

I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

dskatter t1_j9zj6x5 wrote on February 25, 2023 at 6:44 PM

Don’t use a short passcode. Mine is twenty digits. Anyone who can figure my code out is impressive indeed. Enable faceID or touchID, and if they fail then go to the bathroom or somewhere else and enter your code to refresh them.

This isn’t hard. Basic precautions.

spacemate t1_ja5v6io wrote on February 27, 2023 at 1:46 AM

Does the keychain even work that great for you? I switched to Bitwarden and it’s been pretty good. Just use a different password from your Apple ID password and use a different pin from the passcode you use to unlock the phone.