Apple introduced a fresh iteration of iOS yesterday, bringing forth a slew of novel features including collaborative playlists on Apple Music and a new Unity wallpaper commemorating Black History Month. Notably, iOS 17.3 introduces a significant addition known as “stolen device protection,” which, by default, remains disabled. It is advisable for iPhone users to activate this feature once they have updated to iOS 17.3.
The inception of this feature stems from an investigation conducted by Joanna Stern and Nicole Nguyen for the Wall Street Journal. Their findings revealed instances where thieves pilfered money and accessed sensitive data purportedly safeguarded on iPhones and associated iCloud accounts.
The passcode assumes critical importance as it enables access to unlock a phone and modify certain settings. Even with Face ID (or Touch ID) activated, the passcode serves as a fallback method to unlock a phone and make alterations to settings.
iPhone thieves exploit this potential vulnerability by frequenting late-night venues and engaging strangers to obtain their passcodes. For example, one thief recounted to Joanna Stern his tactic of convincing victims to add him on Snapchat, exploiting the ease of inputting contact details directly onto someone else’s phone. Upon gaining access, the thief locks the phone and requests the passcode, committing it to memory for later use.
Once a phone is stolen, the passcode can be utilized to unlock the device and change the Apple ID password, effectively disabling Find My iPhone and thwarting remote wiping of the device.
Many iPhone users store sensitive data such as bank app passwords and credit card details in their iCloud Keychain and Safari autofill preferences, respectively. Thieves exploit this by accessing encrypted notes in the Notes app and potentially utilizing Apple Pay.
To address such concerns, Apple has incorporated stolen device protection in iOS 17.3. When activated, certain actions necessitate Face ID or Touch ID biometric authentication, such as accessing stored passwords and credit cards. Moreover, changing the Apple ID password, altering the passcode, and disabling stolen device protection entail a security delay, requiring users to wait for at least an hour before implementing critical changes. However, exceptions apply in familiar locations like home or work.