A Suspicious Encounter Abroad Highlights iPhone Security Features

Originally published at: A Suspicious Encounter Abroad Highlights iPhone Security Features - TidBITS

Last month, among all the usual email I received was an anxious missive from a TidBITS reader—we’ll call her Beverley, largely because that’s her name. While walking down the street in El Calafate, a tourist town in Patagonia, Argentina, Beverley was approached by a woman with a British accent who asked if she spoke English. The woman claimed she was looking for a hotel shuttle pickup location and showed Beverley a map on her phone, but it was fuzzy and hard to read.

Being helpful, Beverley pulled out her iPhone 17 Pro and opened Maps to get a clearer view. While she was comparing the two maps and trying to locate the marked spot on the other woman’s map, Beverley’s iPhone vibrated. The woman immediately made a lighthearted comment: “Oh look, I’ve probably shared all my contacts with you!”

After Beverley pointed out the location (a block or so to their right), several other women who “looked more local” approached. The original woman said to them—in English—that she had found someone who spoke English, thanked Beverley, and then walked off confidently to the left, showing none of the hesitation you might expect from someone genuinely lost who had just been told to go in the opposite direction. The other women went with her. When Beverley followed at a distance, the group turned a corner and quickly disappeared down an alley.

Beverley was left with an unsettled feeling and the worry that the woman was trying to compromise her iPhone. Several details stood out in retrospect. The woman’s iPhone had a white cylindrical accessory attached to the bottom—about half an inch in diameter and the width of the phone—which Beverley initially assumed was a backup battery; its unusual form factor raised concern later. Plus, when Beverley’s iPhone vibrated, there was no accompanying onscreen notification, and the woman’s comment about sharing contacts came immediately afterward, as though she was trying to explain it away. Finally, the woman walked in the opposite direction from where she’d asked for help, and the other women disappeared quickly as well.

Worried, Beverley went to change her Apple Account password using her iPhone, but because she had Stolen Device Protection on and was in an unfamiliar location, she had to wait an hour after starting the task. Later, back at the hotel, she changed it again using her iPad to be doubly sure.

That’s when she wrote to me—should she change the passwords for important accounts, given that her potentially compromised iPhone would be used for authentication? Would resetting the iPhone be overkill, given that restoring an iCloud backup while traveling might be difficult? Should she contact Verizon about possible SIM cloning? Needless to say, traveling without a functional phone is challenging these days, so she was hesitant to proceed with a plan that might leave the iPhone in a problematic state.

What Actually Happened?

Although I agreed that the encounter seemed sketchy, I was pretty sure that her iPhone hadn’t been hacked. For backup, I cc’d Rich Mogull, our security editor. Rich confirmed that he is unaware of any attacks that would work on a device like that, and called the iPhone 17 Pro “the most secure consumer device available,” noting that Apple has added new hardware protections in the latest iPhone models.

The most likely explanation for the vibration was NameDrop, an iOS feature that makes it easy to transfer contact information when two iPhones are brought close together. NameDrop is controlled by a setting in Settings > General > AirDrop > Bringing Devices Together. When enabled, placing two iPhones close together triggers the contact-sharing interface. The woman’s quick comment about “sharing contacts” suggests she knew what had happened and was trying to normalize it.

However, NameDrop should show an animation and a notification along with a vibration, which Beverley didn’t recall seeing. In testing, I couldn’t establish a NameDrop connection without that animation, and it always results in a notification or a contact poster that needs to be dismissed manually. This behavior occurred even on an iPhone that wasn’t signed in to iCloud. Although Beverley later confirmed that she had AirDrop set to Contacts Only, I discovered that the Bringing Devices Together setting is independent from the AirDrop settings. That means iPhone proximity can initiate contact sharing even if AirDrop is set to Receiving Off. Even then, no information is exchanged unless you explicitly approve the action.

So was this even a scam? Lost tourists often ask for navigation help, even in this age of online maps. If you’re far from your destination in an unfamiliar city—or accidentally mapping to an incorrect but similarly named destination—mapping directions can seem very off. Rich Mogull even said he had a similar experience in New York City the week before with a tourist who was utterly lost.

In the end, I’m left weighing two possibilities:

• There was a scam happening, but the setup with the fuzzy map, targeting an English-speaking tourist, the seemingly coordinated group, and the quick disappearance suggests it was more likely a distraction technique for pickpocketing. If that was the goal, Beverley may have protected her valuables well enough that the would-be thieves gave up.
• It was a strange but innocent interaction. Maybe the original woman was actually looking for the hotel shuttle pickup, but not at that moment, so she could have walked off in the wrong direction for a different reason. Perhaps she asked the other women for help but couldn’t communicate clearly enough to get an answer. They might have walked off in the same direction but not together, and simply disappeared around a corner.

We’ll never know for sure, but after several weeks back home, Beverley has seen no signs of malicious activity on her iPhone or online accounts. It seems safe to say it wasn’t the sort of sophisticated, if fictional, attack often shown on TV and in movies. (Those also usually rely on USB because plugging in cables and waiting for data to download is more dramatic than some hypothetical wireless attack.)

What Lessons Can We Take Away?

After learning what happened, Beverley wondered whether the lesson was simply not to help people while traveling. That would be a sad conclusion to draw. The real lesson is to help people while staying aware of your surroundings and protecting your belongings.

From a technical standpoint, I hesitate to recommend anything that would feed unnecessary paranoia. But these settings seem reasonable:

• Turn off proximity detection: Unless you regularly need to share contact information, turn off Settings > General > AirDrop > Bringing Devices Together. In my experience, it primarily triggers when transferring contact cards isn’t the goal.
• Be aware of AirDrop connectivity: In Settings > General > AirDrop, you can choose from Receiving Off, Contacts Only, and Everyone for 10 Minutes. Obviously, Receiving Off is the most secure, but frankly, I think it’s unnecessary. Contacts Only limits connections to people you know, and you can still reject unwanted transfers.
• Use Face ID or Touch ID in public: If a thief sees you entering your passcode, that’s a signal that you aren’t using Stolen Device Protection and are thus a target for a snatch-and-run attack (see “How a Thief with Your iPhone Passcode Can Ruin Your Digital Life,” 26 February 2023). It’s just too easy for someone to see or record your passcode taps as you enter them.
• Turn on Stolen Device Protection: Although it’s bad enough to have a thief grab your iPhone, Stolen Device Protection will at least keep them out of your data and accounts. Enable it in Settings > Face/Touch ID & Passcode > Stolen Device Protection (for more details, see “Turn On Stolen Device Protection in iOS 17.3,” 25 January 2024).

If you have an unsettling encounter similar to what Beverley experienced, it’s worth monitoring for unusual behavior—things like unexpected charges, roaming or data spikes, unprompted Apple Account sign‑in alerts, or eSIM changes. Be extra alert for phishing; don’t tap links in urgent email or text messages—navigate directly to the website to verify. If nothing odd shows up in the next day or two, you’re almost certainly safe.

In short, modern iPhones are highly resistant to opportunistic attacks, and most “weird tech moments” on the road aren’t evidence of hacking. Stay helpful, keep proximity sharing in check, use biometrics, and stay alert—caution without paranoia is the right balance.

I use NFC tags quite frequently, and my iPhone vibrates whenever I read one. And then displays a confirmation to do whatever action the tag is triggering.

So MAYBE the person had an NFC tag and whatever was in the payload of the tag wasn’t recognized so all that happened was the buzz from when the tag was read

Wild speculation on my part, of course. I’m more inclined to think it was just proximity contact sharing by accident.

Another guess would be that the interacting woman called off the attack (perhaps a phone snatch) by speaking the code phrase (“found someone who spoke English”). Perhaps the woman was able to determine that Beverly had Stolen Device Protection turned on or Beverly failed to unlock her phone using the passcode in view of the woman. Anyway, hooray for Beverly, who attempted to help a stranger and apparently did not get punished for it.

A relative has an iPhone SE (the original); it is stuck at iOS 15.8.5. Under Settings > General > Airdrop, there are no slider on-off controls, only Receiving Off, Contacts Only, or Everyone (not Everyone for 10 Minutes, like on my iPhone). I have an iPhone SE (2020) with iOS 18.7.2. Both iPhones were set to Receiving Off and we are in each other’s Contacts. I set both iPhones to Contacts Only, turned on Bringing Devices Together on my iPhone, and brought the devices together. Nothing happened. If someone sees any significance in this, please explain. I disabled Bringing Devices Together on my iPhone, restored both iPhones to Receiving Off, and typed this response.

Yes - It could be an NFC incident that the iPhone detected but did nothing but vibrate. Maybe it was an attempted hack (eg tap to pay) but only works on an Android phone?

It’s too old to support Bringing Devices Together, I believe. I have an old iPhone 6s that I was testing with and it didn’t show that switch or work at all with proximity sensing.

That’s a possibility! I don’t believe I have any NFC tags that I can read to test. Is it possible that there would be any just around in the house from commonplace products? Nothing I could find would trigger a general-purpose interaction (passports, credit cards, AirTag packaging).

Hotel keycards are usually NFC, if you have one around. Also some tollway transponders. (The iPhone only reads NFC within a specific frequency range, so even things are NFC might not be readable.)

Based on my limited experience with Stolen Device Protection (SDP), I recommend that iPhone users think twice—or maybe even three times—before turning this feature on. A friend asked me for help with her iPhone a few months ago; and unbeknownst to her, SDP had been turned on. I don’t remember the details of this encounter, but turning off SDP in order to do what the owner needed to do was a total pain in the neck.

I’ve done field research extensively in Argentina and Chile over more than 4 decades. This incident has all the earmarks of a classic setup, probably to steal Beverly’s iPhone. It was probably called off because she didn’t key in her password/key code and the attackers were savvy enough to know that the phone was not of much value without it. Alternatively, the attackers decided that she was not an easy target for a pickpocket or snatch and run. In earlier days someone would squirt mustard on you jacket, a “Good Samaritan” would come along and offer to help you clean it up and while you were distracted by them someone else from the team would grab you backpack, pick your pocket, etc. I had a student lose an entire field season of research notes that way during their last day in Buenos Aires!

One of my personal rules for operating in public is never pull out my phone and never wear my Apple Watch (which identifies me as a target). If I need to check a map, I only do so when far from other people and in places where people can’t see what I’m doing easily. Never pull out your phone around people you don’t know. Another rule: backpacks are high value targets. If you must carry one, do not put you personal documents in it (keep them in a pouch under your clothing) and if you have any tech in it, wear it in front of you with you arms wrapped around it, not on your back (you see locals on the subway do this all the time). It works for me as I’ve never had anything stolen but as they say “toque madera” (knock on wood).

Interesting. What were you all researching, out of interest?

I’m a field geologist and among other things study the geology of mega earthquakes (Chile is the king of big EQs). I also write apps for geological research and now, in retirement, have repurposed some field apps as privacy oriented hiking apps. Taught at Cornell for years (hence my interest in TidBits)

Ah, good work!

That was my reaction, but it doesn’t explain why Beverly’s phone vibrated. By the way, @ace, did Beverly ever comment on whether any contacts had been shared? (I would think that the “woman with a British accent” would have had no contacts to share in this imagined scenario, but who knows?)

I was thinking your name seemed somewhat familiar from some other context!

No, Beverley never said anything about that, but there’s no conceivable way anything more than the woman’s contact could have been shared, and that would have required an explicit action on Beverley’s part. The random NFC tag seems like the most likely explanation for the vibration at this point.

Not sure about that. It seems more than a coincidence that the British woman (there are lots of Argentines with British heritage) just happened to position her phone close enough to Beverley’s to trigger an NFC event. maybe she was checking to see if Beverley happened to have Airdrop>Everyone turned on? She clearly had a plan and knew what she was doing given her ready patter about transferring contacts.

I have to say that reading Adam’s story was a bit like watching a horror movie where you know there’s a demon behind a door and you shout at the hero: “Don’t open that door!”

This article has some info about iPhones and NFC tags. It might explain the vibrating iPhone.

Off topic … I bought a packet of stick on tags for a few dollars and have experimented with using them with Homekit and Shortcuts.