Apple will introduce a new security mode for iPhones that can protect users when thieves or other attackers learn their private passcode.
The feature, Stolen Device Protection, creates a second layer of security, making it harder for thieves to use the passcode to create mischief when the user’s phone is not at home or at work.
If the phone is at a location that is not usually associated with its owner, and Stolen Device Protection is turned on, the device will require Apple’s FaceID facial recognition in addition to a passcode for users to perform sensitive actions, such as viewing stored passwords or wiping the phone. Thieves won’t be able to make those changes or see those settings with only a passcode. In addition, any attacker won’t be able to change the user’s Apple ID password or remove FaceID without a mandatory one-hour delay, and then have to pass a FaceID check again.
The new feature comes after The Wall Street Journal identified a scam in which attackers befriend or spy on their victims, often at bars at night, and get them to reveal their passcode, sometimes by asking to see a photo or by looking over their shoulder.
The attacker then steals the phone and uses the purloined passcode to turn off theft protections such as Apple’s Activation Lock feature or Lost Mode. A working stolen iPhone is more valuable than one that’s locked down through software, which typically needs to be sold for parts.
Apple prompts essentially every iPhone user to input a four-digit or six-digit passcode when the device is set up. Before the new function, Apple’s privacy and stolen device protections, including its FaceID facial recognition tool, were tied to that passcode, allowing anyone with a stolen device and passcode to take full control of the phone.
Stolen Device Mode can be turned on under Face ID and Passcode > Stolen Device Protection for those who have the latest developer beta of iOS, iOS 17.3.
The opt-in feature will be shipped to other iPhone users in the coming weeks when iOS 17.3 is launched to the public.
“As threats to user devices continue to evolve, we work tirelessly to develop powerful new protections for our users and their data,” an Apple spokesperson said in a statement. “iPhone data encryption has long led the industry, and a thief can’t access data on a stolen iPhone without knowing the user’s passcode. In the rare cases where a thief can observe the user entering the passcode and then steal the device, Stolen Device Protection adds a sophisticated new layer of protection.”