Apple is set to add even more protection to the iPhone in the next iOS update, which will stop thieves from accessing smartphones with passcodes.
Called ‘Stolen Device Protection,’ the new setting promises to prevent cyber-criminals from locking iPhone users out of their Apple accounts or accessing any of their passwords stored in Apple’s Keychain.
If the feature detects an unknown location of the iPhone, it will require Apple’s FaceID to unlock the device.
Stolen Device Protection is set to roll out with Apple’s iOS 17.3 but is currently being tested in beta.
Apple is rolling out a new feature to protect its customers’ passcodes, online banking access, private iCloud photos and videos, and everything else that a stolen, unlocked iPhone leaves vulnerable. Dubbed Stolen Device Protection, the setting is now available to beta testers
At the heart of Stolen Device Protection is a strict reliance on the user’s biometrics via Apple’s Face ID or Touch ID and geolocation data on the iPhone owner’s most familiar places.
When users enable Stolen Device Protection, three new protective features will be activated.
Protecting your Apple ID password
As the gateway password to many other features across your Apple devices — from iCloud storage to Apple Pay to your old iTunes account — the ability to change your Apple ID password opens a world of opportunities for theft.
Stolen Device Protection is designed to block any thief’s attempt to lock you out by switching your Apple ID if the effort is made when your iPhone is not in a familiar location, like your home or office.
If you, a thief or anyone else tries to change your Apple ID password away from these familiar locations, the device will require your Face ID or Touch ID twice.
After the first biometric scan via Face ID or Touch ID, the setting requires a second scan one hour before changes can be made, preventing the kind of low-risk ‘smash and grab’ an iPhone thief is most likely to attempt.
Protecting your Apple security settings
Stolen Device Protection will also require two Face ID or Touch ID scans one hour apart if anyone operating the iPhone from a strange location attempts to add or delete a ‘recovery key’ or change a user’s trusted phone number.
Apple’s recovery key provides a randomly generated 28-character code to deal with lost access to their Apple ID, which users can then save somewhere safe (whether handwritten, emailed to themselves, memorized or something more creative).
Protecting these features ensures that a thief can’t lock you out of everything you have saved to iCloud, including personal photos or important files, which might otherwise be lost forever.
At the heart of Stolen Device Protection is a strict reliance on the user’s biometrics via Apple’s Face ID or Touch ID and geolocation data on the iPhone owner’s most familiar places. A thief will no longer be able to sneak off with a phone and access it from anywhere
Restricting access to passwords in Apple Keychain
While it’s handy for storing a user’s sprawling list of hard-to-remember passwords across every website and service they use, Apple’s password manager, iCloud Keychain, is a naturally ripe target for criminals
Before the new update, all it would take is your four or six-digit PIN to access passwords on keychains for banking apps, cash and crypto services, and more.
With Stolen Device Protection, your iPhone will require your Face ID or Touch ID to access those passwords, and your passcode will no longer cut it as a backup for failed biometric attempts.
Protecting Stolen Device protection itself
A thief might attempt to simply switch off Stolen Device Protection before they get to work virtually looking at your device.
Fortunately, the setting will require the same two biometric scans, one hour apart, to switch the feature off.
Some risks remain
Although the new security update ensures several failsafe measures to prevent a true disaster for Apple’s iPhone customers, there are still open vulnerabilities if your phone is stolen.
Any app, email or website access that isn’t protected by an additional password or PIN would still be at risk.
That means that, in many cases, any account or login that can be reset by text or email will still be at risk even if Stolen Device Protection is turned on.
Adding to that risk, all the credit cards or services linked to Apple Pay will still work with just a passcode if your Face ID or Touch ID biometrics fail.
The Wall Street Journal, which broke news of the nationwide thefts that led to this new update, suggests adding extra PINs or biometric hurdles to any financial apps on your device.
They also suggest moving quickly to access iCloud and wipe your stolen device remotely once you have noticed the theft.