iOS 17.3 Stands Out from Other OS Updates with Stolen Device Protection

Originally published at: iOS 17.3 Stands Out from Other OS Updates with Stolen Device Protection - TidBITS

Apple has released a large set of operating system updates, including iOS 17.3, iPadOS 17.3, macOS 14.3 Sonoma, watchOS 10.3, tvOS 17.3, HomePod Software 17.3, macOS 13.6.4 Ventura, macOS 12.7.3 Monterey, iOS 16.7.5 and iPadOS 16.7.5, and iOS 15.8.1 and iPadOS 15.8.1. New features include Stolen Device Protection in iOS 17.3 and Apple Music collaborative playlists.

3 Likes

Why is “Stolen Device Protection” not included with the iPad or even the Mac?

Maybe the Ventura/Monterey updates will quietly address the unwanted “upgrades” to Sonoma in this other article?

None of my Macs are affected so I can’t investigate this myself.

1 Like

I’ll admit I’m skeptical, but there is definitely reason to hope otherwise: one of the unmentioned bug fixes in this update applies to virtualized older macOS versions not being able to properly apply macOS updates. So most likely, the 14.3/13.6.4/12.7.3 update touched the Software Update mechanism and how it works on older versions of macOS.

1 Like

Is unlocking with Apple Watch newly able to authorise Siri requests? It’s not how I remember the feature in the past, but I could easily have misremembered. I ask because, in turning on Stolen Device Protection, I found that I also had to reenrol my watch for unlock. It’s an impressive capability, now that you can authorise Siri requests using it. Example: ask Siri to toggle a focus while your phone is in your pocket, you wear your watch, and Control Centre is disallowed while locked; you should find that it now works (with haptic confirmation).

Because the threat model that it protects against doesn’t apply to anything but the iPhone. The concern is a thief shoulder-surfing a passcode, then snatching an iPhone and running. Before this, they could use the passcode to change the Apple ID password and take over the person’s life. That’s unlikely to happen with an iPad and even less likely with a Mac.

With Stolen Device Protection enabled, Face ID or Touch ID will be required to make certain changes.

What I haven’t had a chance to check yet is if, once enabled, it also applies to your other devices.

2 Likes

Honestly my guess is that Siri on the watch, which is unlocked on your wrist, is the one changing the focus and syncing the change to the rest of your devices. I change focus modes on the watch sometimes and on the phone sometimes, though generally not with Siri. Just from control center on whichever device is handy.

1 Like

Is that true? I get the Mac, but I bet there are many people with an iPad that in spite of all warnings use a 4 or 6 digit code. If they can be observed typing it in on their iPhone, the same could apply to their iPad, couldn’t it?

2 Likes

It’s not inconceivable, but the Wall Street Journal hasn’t mentioned any iPads being compromised in this way. The exploit seems to be focused on crowded bars where people are careless and potentially drunk. It’s not my scene, but I’d be surprised if iPads were commonly used in such situations.

2 Likes

I sure get that. I guess I’m just trying to verify that there is nothing fundamental preventing this scheme from being exploited on an iPad as on iPhone.

2 Likes

Why not include it for the iPad, if I want to have a higher level of security? It’s no burden on Apple.

Not my decision, obviously, but everything comes with a cost, even for Apple. Perhaps it will be added in a future update or perhaps not…

AppleInsider just posted an overview of Stolen Device Protection:

One thing I noticed is that there are certain system features that will require biometric authentication without any ability to fall back to a passcode. These include:

  • Erasing all content and settings
  • Adding or removing Face ID or Touch ID
  • Turning off Find My

Now, these all make perfect sense from the standpoint of security, but I’m wondering what you can do if, after activating this feature, your phone’s biometric sensor fails. Suppose the dot-projector in your phone dies so FaceID no longer works. Is there any possible way to recover? It seems that the stolen device protection will make it impossible to disable FaceID or wipe the device.

Will you be able to put it into recovery mode, clean-install the OS and restore a backup? Or will your device permanently lose access to all of the protected features?

UPDATE 1/24/2024

Now that I’ve updated my phone to 17.3, I tried this out. I enabled SDP. Then I tried to disable it while holding my finger over the FaceID sensor array. After two failed attempts, it asked for the passcode, which worked (I assume because I was trying at home, which is a trusted location).

2 Likes

In such a case you’d just turn off SDP. Turning off SDP allows for passcode fallback. Usually, that will come with a 1-hr delay (for protection), but if you do this in a trusted location (home, work) there isn’t even that delay. No need for erase/restore. Apple has thought this through.

2 Likes

Can SDP be turned off with just a passcode from a trusted location? The AI article seemed to say that it will also require biometric authentication (with the hour-delay and reauthentication if not in a trusted location).

I may have to test this after I get around to upgrading my phone.

No, the article is quite clear. Turning off SDP is listed in the 2nd list which is the set of tasks that support passcode fallback. Only tasks on the 1st list absolutely require biometric authentication.

The 1-hr delay is an additional feature, not related to fallback yes/no.

3 Likes

One reason could be Apple wants to see adoption levels and the impact on Support/AppleCare call volume before rolling out SDP to iPadOS.

2 Likes

Unless it’s marked as lost or stolen, I’d guess it could be restored from a backup or iCloud. Having no backup in the first place is just asking for trouble.

Yesterday I did test this after upgrading my phone. @Simon is correct. I blocked the FaceID sensor with my finger and after two failed attempts at face validation, it asked for the passcode, which worked.

2 Likes