| ▲ | alabastervlog a day ago |
| It took me a minute to figure out how this works, but it must have something to do with using a "lost password" email reset on the iCloud account, and having the relevant email account logged in (or saved to the password manager) on the phone itself, so that all you need is the passcode to get into the iCloud account. Something like that? |
|
| ▲ | crazygringo a day ago | parent | next [-] |
| Yup, I'm guessing that's it: https://support.apple.com/en-us/102656 This article seems to make it pretty clear that having a passcode on a signed-in device is enough to reset the password. |
| |
| ▲ | XorNot a day ago | parent [-] | | That seems like an insane security hole really. One of the big distinctions I make in my life is whether a passcode is being typed in frequently and in view of the public. And since these are shorter codes, the entity on guessing from a distance is much lower. | | |
| ▲ | crote a day ago | parent [-] | | The even more insane security hole is allowing someone with physical access and the password to permanently lock out all recovery options. |
|
|
|
| ▲ | JKCalhoun a day ago | parent | prev | next [-] |
| I still can't figure it out. My daughter had her iPhone stolen in L.A. — she immediately wiped it remotely. The thieves were unable to access it. I got her a new iPhone pretty fast (the budget one) and she was back in business, back in her iCloud account. (She was one of those that saw her device head to Asia. She got a handful of text messages pleading with her to remove the stolen device from her account but she ignored them.) |
| |
| ▲ | alabastervlog a day ago | parent | next [-] | | Yeah, that's why I'm having to think at it some to figure out what's going on here. Usually I need my iCloud password to do anything related to that account, so I guess they're using some kind of iCloud password reset bypass that relies on the phone having access to necessary reset-related accounts (like email—though, IDK, I don't think I've ever tried to "lost password" reset my iCloud account, so I'm not sure if even that's enough) | |
| ▲ | KingInTheFnord a day ago | parent | prev | next [-] | | Some thieves will force you to give up the passcode. I’ve read a couple stories where someone was held in an alley while an accomplice went to an ATM to withdraw as much cash as they could. | |
| ▲ | wmf a day ago | parent | prev | next [-] | | You got lucky with dumb thieves. | |
| ▲ | Mystery-Machine a day ago | parent | prev [-] | | > she immediately wiped it remotely
> She was one of those that saw her device head to Asia What, the guy just jumped into the Pacific and started swimming? | | |
| ▲ | JKCalhoun 12 hours ago | parent | next [-] | | She watched its location using Find My on her laptop. It was last pinging her somewhere just north of Hong Kong (in fact it says: "Montery Plaza, 9 Chong Yip St, Kwun Tong,
Kowloon, Hong Kong SAR, China"). | |
| ▲ | justjonathan a day ago | parent | prev [-] | | I believe “She” here refers to the original owner (the victim). Apple offers a feature to remotely wipe your device if lost, and that was what I understood the owner to have done. I’ve done the same thing for a stolen iPhone. |
|
|
|
| ▲ | tonyedgecombe a day ago | parent | prev [-] |
| Presumably they will need mail notifications enabled on the Lock Screen as well. |
| |
| ▲ | alabastervlog a day ago | parent [-] | | The described attack in TFA seems to involve learning the phone owner's passcode (for the phone), so no lock screen shenanigans needed. |
|
