My daughter's phone was just pick-pocketed on a Rome subway. Help

So what about Remote Wipe (aka Erase My Device)?

Ignoring identity matters that require internet access, like Apple Pay, and given that these guys appear to be smart enough to keep this phone offline, is there any value to requesting a remote wipe? If they crack the PIN, they can get to any phone data that doesn’t require additional authentication, since the remote wipe request will never reach the phone, right? Am I missing something?

I will probably do it anyway just in case, as soon as I can confirm she has a valid iCloud backup. But I’m just trying to think this through…

Professional pick-pockets will shut it off and keep it off. They typically work in a gang or smaller crew and sell their stolen goods to others. There are credit fraud gangs, smartphone gangs, smash and grab gangs, stolen goods fencers, etc., etc., etc. Eventually entire cargo containers can be shipped to other criminal gangs around the world. There are hacks with older iPhones to bypass Activation Lock and remove a carriers SIM lock. One such gang was caught bribing AT&T offshore call center workers to unlock thousands of phone carrier locks.

An iPhone 12 is quite secure, especially if it had the latest iOS 14.x. But they might still be able to bypass Activation Lock. If not, then the device will be scrapped for parts. In Shenzhen and Hong Kong there are a million little shops selling iPhone system boards that were activation locked. People buy them for the chips on the system board such as RAM / FLASH, etc. Many were from broken iPhones but many were also stolen. You can actually build your own Frankenstein iPhone from used parts if you have a microscope and fine detailed pro soldering station, etc. Many buy these system boards for practice before they work on a valuable system board.

Remove Apple Pay from the device, change the iCloud password, report it stolen / lost via iCloud. Do not remove the device from iCloud as that removes the Activation Lock. Call the carrier and report it stolen, they can disable the SIM and mark the device as stolen on a network the carriers use internationally. If it ever pops up online you can wipe it but still keep it in your list of Devices so Activation Lock applies. It is extremely unlikely you will ever get the device back.

If the device was corporate owned and tied to an MDM via Apple Business / Education using DEP then if it’s wiped it could still re-enroll with the MDM and that is the only way you might possibly collect enough data remotely to recover the device and give evidence to police. I wish individuals could setup their own MDM without needing a business and having enough devices. Maybe Apple will enhance iCloud with a lightweight MDM some day. It would help with parental controls. I believe there are some parental control companies that actually do use MDM (Mobile Device Management). Apple banned them temporarily then resumed their ability to continue offering the service despite using MDM technology. But it still requires User Approved MDM and it’s not auto-enrolled via purchase. As a business or educational institution you can register with Apple and when you buy products use an identifying code. That device will then be managed out of the box. As soon as it’s startup wizard runs it enrolls with your MDM automagically. If it’s wiped it re-enrolls. You have to remove the device from Apple Business / Education before it can be deacquisitioned.

Probably a good idea for the daughter to change all her passwords, email, banking, iCloud, etc.as a precaution. Keep an eye out for phishing attacks, fraud, etc. Change hotels ASAP for personal safety reasons.

Read this nightmare scenario: (if they get a foothold they can cascade across multiple accounts)

3 Likes

I’m not following how MDM enrollment helps here.

Where is the Serial Number stored?

Depending on how deeply it’s buried into chips on the mother board, then even if someone were to crack the PIN and find a way to break activation lock, then next time they try to activate the phone, wouldn’t Apple be able to detect the S/N of a previously “marked lost” phone and raise flags :triangular_flag_on_post:?

It doesn’t in your case. But if you did have MDM it would be helpful. I was making the point that Apple should provide MDM like features in iCloud to go well beyond Find My as well as offer truly functional parental controls.

Okay. I knew it wouldn’t apply in my case. But you made comments that weren’t about parental controls, but rather about device recovery:

“if it’s wiped it could still re-enroll with the MDM and that is the only way you might possibly collect enough data remotely to recover the device and give evidence to police”

So I’m not following how a device that had been managed by an MDM would be in any better position to be recovered than one not enrolled in MDM?

Do not notify your bank for the card you have on file with Apple until after you have recovered your Apple ID and have control of your Apple account.

Apple uses the card to recover your Apple ID.

In iOS 14 Apple has implemented a recovery code, very long, like 20 characters that you must use to change your Apple ID password.

You should be using a good password manager like 1password so every password is unique, random and complex.

I disagree that the contents of your phone are vulnerable. The phone’s IMEI can be blocked by your carrier. It will never work as a cellular phone but could be used on wifi. But I am no expert on what thieves do with stolen cell phones.

My phone and credit cards were stolen and no content was ever used. They were able to change my Apple ID password, turning off Find My.

I suspect they simply sell the phone for the component parts to repair shops that are not able to buy parts from Apple. The screen, battery, case, etc. are all worth fast cash to a thief who wants to unload the goods ASAP.

I always buy the AppleCare + plan. Covers two instances of loss or theft. The deductible is $149 for a new device. Repairs are free and user caused damage like cracked screens are reasonable to fix.

Apple forever never allowed extending the AppleCare. It was only available on new devices. When it expired, Apple expected users to upgrade to a newer model.

Now Apple sells AppleCare by the month after the original plan expires if you buy it within a few weeks of expiration. The plus plan that covers loss and theft is $14 a month and users can cancel at any time.

$168 a year plus $149 to replace a lost or stolen phone seems a good deal on a $1,200+ device. Sadly the $39 case isn’t covered.

Apple ran a cool remote diagnostics test on my device before I was approved to buy the extended AppleCare.

1 Like

Jun.2012 - article date.

A lot of that’s largely out of date as to what is possible now, as things have moved on.

I do remember reading it at the time and likely it helped me to decide to make some changes to my 2FA (two factor authentication), or rather 2SV (two step verification) as I think it was at the time. :grinning:

My guess is that a lot of people don’t report their iPhone as lost to Find My. If they are on a plan then the phone company knows and they will blacklist the IMEI code, but that isn’t worldwide. It is possible to restore an iPhone to factory condition. I assume that if Apple hasn’t had the phone reported lost, and it reappears as linked to a new iCloud they just consider that it has been sold. So the phone just goes to Somalia or somewhere similar, reset and if it does everything else fine it is someones new iPhone at a cheap price. Otherwise it probably gets used for parts.

The devices for breaking iPhones are expensive and the companies who build them would be keeping good track of them.

Yes, but they generally work by exploiting unpatched security flaws. You have no way of knowing (until something makes headline news) if they are known by the thieves or are only known by the security companies.

Yes, if they didn’t enable Find My on their phone. Otherwise, the activation would be locked.

I forget, is it enabled by default these days?