Apple has long being known to be a security bulwark in the consumer devices space, specially with rampant hacks on other OSes. However, hackers and outright thieves have increasingly found ways to penetrate Apple’s otherwise strong user security protocols. With an increase in such cases, Apple introduced a set of rapid ‘Security updates’ that are sent across devices as soon as Apple devs plug a critical security loophole.
One such loophole found to be in rampant use recently, was thieves’ ability to compromise user accounts, pilfer saved passwords, drain funds, and even lock users out of their digital devices upon theft, including services such as iCloud, an Apple-owned cloud service. This meant users being unable to access data across devices, since iCloud accounts link all devices together.
To overcome this, Apple is rolling out a new iOS feature known as Stolen Device Protection. The security measure is aimed at thwarting these vulnerabilities in iPhones that are targeted by thieves.
The Stolen Device Protection setting is designed to prevent thieves from having their way with the user’s data. As of now, the new feature is only being released to beta testers, according to a report by WSJ. Anyone with an Apple Device can register for the Apple Beta Software program to receive beta versions and try out the most recent features and then provide Apple with feedback regarding the feature.
The upcoming security system is set to be included in a scheduled software update. However, users will be required to turn on the setting manually to activate it. It is also important for users to note that although this is Apple’s initiative towards fortifying their security system, it doesn’t mean that all potential threats to an iPhone user’s personal and financial information are covered. It only covers the issues that have arisen because of the current break-ins and the exploitation of vulnerabilities within the system.
How it works:
Usually, a device is secured or locked by a passcode or even Touch ID or Face ID. The passcode serves as a failsafe when Touch or Face ID fails. So, the passcode is the foundation of all security in a locked device.
A passcode is only a string of 6-8 digits and once in the wrong hands, the possible damages are not reversible. Here is where Stolen Device Protection comes in and makes a significant difference in protecting the data. If a user has the setting enabled then iPhones will impose restrictions on certain settings when users are away from familiar locations, such as home or work.
What restrictions does the new setting enable?
It presents certain security enhancements that only work when the user has the Stolen Protection Device setting enabled. Below are the security enhancements that will be available to iPhone users once the setting is enabled:
Apple ID Password Change:
Without Protection: Thieves can exploit passcodes to change Apple account passwords, lock you out and disable Find My Device, rendering the device ripe for resale.
With Protection: Changing the Apple ID password away from a familiar location requires a Face ID or Touch ID. Additionally, a one-hour delay is enforced, followed by a reconfirmation through biometric scans. Only after this can the password be changed in an unfamiliar location.
Update Apple Security Settings:
Without Protection: Thieves can enable a recovery key, hindering Apple ID password resets via phone number or email. A thief with your passcode can enable something known as a recovery key. This is another setting feature designed by Apple to protect users from online hackers. Essentially, it is a 28-character code generated at random to enhance the security of your Apple ID by providing you with more control over resetting the password to log back into your account.
So, if a hacker sets a recovery key, you won’t be able to log in to your account as the hacker will have more control over your password reset process and you will lose access to all your photos, files, contacts etc. Anything that is present in your iCloud could be lost forever.
With Protection: Changing or enabling the recovery key necessitates two biometric scans an hour apart. However, if the Stolen Device Protection feature is enabled then enabling or changing your recovery key will require two mandatory biometric scans with an hour’s time between them.
Accessing Passwords Stored in Keychain:
Without Protection: In case you use Apple’s Keychain which functions through iCloud as a place to store all your passwords, a thief can use your device passcode to open Keychain and access all of the stored credentials. According to a report by The Wall Street Journal, there have been reports of people being robbed of tens of thousands of dollars.
With Protection: Accessing these passwords requires Face ID or Touch ID, eliminating the passcode as a backup. With the new security setting enabled, the device will prompt you to use Face ID or Touch ID to access the passwords saved in Keychain. The passcode will be rendered obsolete as a failsafe for failed biometrics and thereby stopping the hackers from using the passcode to their advantage.
The new setting basically involves biometric scans and time delays when you are in an unfamiliar location (i.e. not home or work) to prevent the change of key iOS settings. A mere passcode to unlock the device will not get a thief any data that they are seeking.
The new setting does promise improved security, however, as mentioned earlier potential threats and vulnerabilities still exist. A thief will still be able to use the basic function of a passcode i.e to unlock your phone. If an app on your device is not protected by a pin or a password for additional security, then the contents of that app are vulnerable. This also applies to accounts that can be reset through text or email. For instance, Apple Pay works with a passcode if Face ID or Touch ID fails.
But there are basic precautions that one can take to address the issue. It is advisable not to share your passcode with strangers and when in public, try your best to use Face or Touch ID.
The device feature is going to be rolled out soon according to reports and upon the release, Apple will prompt users to turn on Stolen Device Protection. This setting will be located under Face ID and Passcode.
Earlier this year in June, Apple also released plans for other security enhancements for its users, earlier this year. It announced major updates to private browsing done through Safari, improvements in privacy permissions for Photos, Link Tracking Protection in Messages, Mail, Safari Private Browsing, and App Privacy Development. This presents users with more control over their data.
Additionally, it also announced its plans to enhance security in features created to help protect user safety. For instance, it introduced Check-In which allows friends or family members to know that you have safely reached their destination via Messages. In case an obstruction or problem is detected, the feature will check in with the user. If it receives no response, it will share all important information with the emergency contacts selected by the user.
