Features 30.04.2024
The Stolen iPhone Epidemic
This five-minute read will be the differentiator if you ever find yourself a victim of iPhone theft.
Picture the scene: You’re scrolling through Instagram on your iPhone in the middle of Camden as you wait for the bus. Suddenly, your iPhone is grabbed out of your hand, and you turn to see a thief running, scooting or cycling down the street with your beloved device. Electric pay-per-use bikes are the perfect accessory to the crime, providing a speedy getaway.
It’s the stuff of nightmares, and it might seem like it’d never happen to you, but figures show it’s frighteningly common. Mobile phone theft has risen dramatically in the last two years, with a device stolen every six minutes in London alone, according to The Met Police.
The results can be devastating, with criminals increasingly shoulder surfing victims to learn the PIN before stealing the phone. Last year, a report in the Wall Street Journal detailed how this leads to criminals accessing people’s mobile banking and other important apps, stealing data and draining bank accounts. The breach of privacy adds a further traumatic dimension to an already significant loss.
iPhone theft was deemed so serious that in a software update (iOS 17.3) earlier this year, Apple created a new iPhone feature, dubbed Stolen Device Protection, to help safeguard users if they fall victim to theft.
Assured Intelligence has put in the work to share the essential steps you need to take to secure your device so that in the event it’s taken, criminals get as little access to your life, finances and privacy as possible. This five-minute read will be the differentiator if you ever find yourself a victim of this mounting crime.
If your iPhone is nabbed, the chances are it’s gone forever. But mourning this loss will have to wait as you shift to focus on protecting yourself from the knock-on impacts such as identity theft, data compromise, extortion, or account compromise, says Jake Moore, global cybersecurity advisor at ESET.
Thieves steal phones in a two-pronged attack, Moore says. “First, they steal the device and sell on the hardware, then they steal the data and may attempt extortion.”
No matter what security you have in place, your iPhone PIN is one of the biggest vulnerabilities. If someone watches you input the number while your iPhone is still in your possession, they can then use it to open your iPhone once it’s stolen. Your PIN can be used on Apple Pay, and if you reuse it on apps, such as mobile banking, it will give attackers access to those, too.
This can allow criminals to drain your bank accounts. One man told the BBC how a pickpocket took his mobile phone and used his banking apps to steal £22,500.
“If criminals take an open phone or gain knowledge of the PIN, they can bypass most security measures,” says James O’Sullivan, CEO and founder of Nuke From Orbit, a company that offers an app to delete data from stolen devices remotely.
O’Sullivan set up his company after experiencing mobile phone theft first-hand. He tells Assured Intelligence how he lost thousands of pounds when his iPhone was stolen on a night out in Dublin during the Six Nations in 2023. “I made a payment on one of my cards in my digital wallet, and a few seconds later, my phone was gone.”
When he called his banks, he discovered tens of thousands of pounds had been spent across the cards in his Apple Pay wallet. Thankfully, he was able to get the money back. “But not everyone is that lucky, and the trauma of getting it back is very real for some people: Some will just give up the fight,” he says.
Poor PIN hygiene leads to 62% of phone theft victims in the UK facing further financial loss and data breaches, according to new research commissioned by Nuke From Orbit. When devices were stolen, respondents’ social media and email accounts were accessed. At the same time, one in four individuals also fell victim to digital wallet theft, resulting in actual monetary losses, the survey shows.
Meanwhile, one in five respondents experienced compromised personal bank accounts through unauthorised access via mobile banking apps. Nearly half (45%) used the same PIN to access the phone and multiple apps, services and bank cards.
Needless to say, having a secure PIN is essential. Use biometrics such as Face ID or Touch ID to access your device, says Moore. He advises having a “long, unique, and not easy to guess passcode.
“Although people tend to favour biometrics over a passcode, when paying for something, they often fall back on their PIN to open Apple Pay at a checkout. This is common in a crowded bar, and it’s also a typical venue where thieves lurk, looking for their next victim.”
The first thing to do to help protect yourself against loss or theft is to enable a secure PIN on your device in addition to biometrics, agrees Sean Wright, head of application security at Featurespace. “This will help ensure that if your device is left unattended, lost or stolen, someone cannot access your iPhone and its data.”
Another critical step to safeguard your iPhone if it is stolen is Apple’s theft protection feature, Stolen Device Protection, which was made available after the spate of thefts reported by the Wall Street Journal.
It can be found in your iPhone Settings > Face ID & Passcode, by entering your passcode and scrolling down to Stolen Device Protection, where you can toggle the feature to “on”. Among the benefits, the feature requires a security delay of one hour for important changes to your iPhone, such as editing your Apple ID or deactivating Lost Mode, when away from familiar locations. You can now “Always” require a delay in all locations for extra security.
Moore says Stolen Device Protection protects users from changing passcodes or adding a new Face ID to the device. “If a new Face ID is added by just knowing the passcode, the thief will access all apps hidden behind facial recognition, which often includes banking and password manager apps.”
Moore says the hour delay gives you enough time to notify the authorities and gives Apple enough time to block further access to the iPhone.
Apple’s ‘Find My’ built-in app – available under Settings > Apple ID > Find My – is also crucial if your device is lost or stolen.
“With Find My iPhone enabled, you can locate your device on a map, play a sound to find it nearby, and activate lost mode to lock it and display a message on the screen,” says Mark Brown, tech expert and CEO of Gadgetsure.
Brown says you can also erase all data remotely as a last resort: Stolen Device Protection automatically wipes financial data, such as Apple Pay, when Lost Mode is activated.
However, neither of these features – Stolen Device Protection and Find My – is enabled by default on iPhones, so it is essential to ensure they are switched on.
In the immediate aftermath of phone theft, log into your account and put it in ‘Lost Mode’, Moore advises. “If you think [or know] it’s stolen, use Find My to wipe it immediately and once it has an internet connection. As thieves are well aware of this, they will attempt to block data coverage to the device so you cannot track it. It is also vital to inform your mobile service provider so they can block the SIM card.”
File a police report immediately, says Brown. “This helps track stolen devices and provides documentation for insurance claims.”
Also, update the passwords for all accounts you access from your iPhone, especially banking and social media, adds Brown. He advises contacting your insurance provider within 24 hours after your phone has been stolen so they can begin processing your claim.
Ultimately, it is possible to make your device more secure and to make it harder for criminals to do any damage if they do steal it, concludes Wright. For example, consider the security of your Apple account, ensuring it has a suitably strong password, as well as multi-factor authentication (MFA).
“Ideally, use another Apple device or a hardware token so you can still access your account to perform device resets. This will also prevent anyone else from being able to access your Apple account.”
Brown recommends enabling MFA for all accounts, especially banking and social media, for an extra login layer. At the same time, he advises considering requiring a separate PIN for banking apps and encrypted messaging services such as Signal and WhatsApp.