Here's a statement of the obvious: The opinions expressed here are those of the participants, not those of the Mutual Fund Observer. We cannot vouch for the accuracy or appropriateness of any of it, though we do encourage civility and good humor.
Support MFO
Donate through PayPal
Apple's iPhone Passcode Problem: How to Protect From Thieves
Scary stuff. I detect a “slant” to the writing style - a highly persuasive tone. That is not a criticism. Just unusual in technical writing.
Have used Apple devices (dozens of them) for near 20 years w/o a problem. Early on there was a 4-digit passcode. Now it’s 6-digits. But I’m paranoid about not losing a device. Lock it in the car rather than carrying it with me most of the time. (In hot weather I take steps to keep it out of direct heat).
There is a setting which when enabled instructs the device to erase all content after several unsuccessful attempts to input passcode. I leave that turned on. Always figured it was enough protection unless someone very sophisticated gets access to device. Article seems to reference a couple different IDs. There’s the 6-digit code to open device and read content. There’s also a more complex “Apple ID” needed to make changes to your account or sign in a new device.
Serious topic folks. We carry our entire life around in our pockets nowadays. Often we have information stored about others we may know as well.
@hank - 99% Apple mostly. reserving the 1% to be a danger on PC's only if I have too. Thankfully I have a 12-yr old grandson to get me out of trouble when necessary.
I don't use the wallet app whatsoever despite Apple's incessant nagging to get me to set it up. I also confess to be driven absolutely dingy trying to wade through most of the Privacy & Security options/procedures. I always add extra to my tequila concoction whenever I dare to go there.
Thanks @Mark. About the same here. Bought a new MacBook couple ago and have little need for it. Handy for doing taxes. My late model IPad Air can do so much. The wallet app would require carrying the phone all the time when in stores which I’d be reluctant to do. Unfortunately I’ve purchased an occasional Broadway ticket from some vendors which can’t be printed out - digital only. So have been more or less forced to use the wallet app for storing those. Have to say it’s a smooth and reliable app - even though rarely use it.
I have only MacBook Air. It's had a whole new life to look back upon, after the wonderful Apple people erased everything on it, to remove a bug of their own making, which got in while I was receiving one of their own updates. Lately, I keep getting tiny boxed reminders in the upper right-side to update my settings so I can make use of more Apple features. Turns out, it's the iCloud. Screw that. These internet companies DO want to own you. Google would take and sell your teeth, if they could. Any issues on your APPLE device that are not connected to Apple software, the lovely people at APPLE will not touch. Just in the last few days, I've had to put up with intrusions. (See my anti-virus thread.) Apple's own defenses leave much to be desired.
I dunno if there's somehow a connection, but I've been getting weird texts from Amazon telling me my account is suspended because of several failed attempts to log-in. "Please click on this link in order to re-activate your account before it is permanently suspended."
...But I do not have an Amazon account. I talked about it with my son, who shares the same surname, but not his "first" name. He told me he has an account but it's been sitting, inactive for a long time. Do they have me mixed up with him? Or do the f*****g HACKERS have me confused with him? I'll never know. Last time I got another text message was last night again, at about 11:00 p.m. here. I replied "stop" which usually works. We'll see. Technology marches on. Is it a blessing or a curse? The jury is still out.
@Crash- oh, come on man- you make it sound as if you're the only one getting this crap. It's got nothing to do with Apple, nothing to do with you or your setup. First of all, those texts were not from Amazon, and Amazon doesn't have you "mixed up" with anyone. Some days I get half a dozen of these.
You gave your text or email address to someplace you visited. And that someplace sold that address, along with sixteen thousand other people just like you, to some outfit which in turn sold the addresses of sixteen million other people just like you to some hacker.
Said hacker now sends all of you phony software-generated texts and emails purportedly from outfits from Amazon to Zillow, hoping to get you to respond to those and do something stupid, which will compromise your phone or computer and quite possibly cause you financial loss. Some very small percentage of people will fall for this crap, but that's enough to make it worth while.
It's pretty simple:
• Be very careful where you visit on the internet. Curiosity can definitely kill your cat.
• Immediately trash anything that isn't from an entity that you are absolutely certain has a legitimate reason to be sending you stuff. Examine the sender's address very closely. If it isn't exactly identical to previous traffic that you have received from this sender, there is a high chance that it's phony.
@Old_Joe You said, "Some days I get half a dozen of these." I'm glad it's you & not me. Point #2 "Be very careful where you visit on the internet. Curiosity can definitely kill your cat." 110 % agree on that comment.
Does the Apple phones come with a lock ? I use my finger print , just encase I lose my Android or someone five fingers it.
I did read the article from news print & found it interesting although it didn't relate to my life style.
Hank said ,"Unfortunately I’ve purchased an occasional Broadway ticket from some vendors which can’t be printed out - digital only." ( Will call window ?)
How in the sand hill do you attend without a smartphone ? Some ball parks are now cashless, another sand hill to contend with.
Seems most of us have a number tattooed to use one way or another.
Thanks, read the article too and review all our setting. The newer models use face and fingerprint recognition in addition to 6 digit passcode. We also avoid keeping passwords to other sites on the iPhone in case we loss them.
Still we get spam emails and text messages and we keep blocking them by filters. Frustrating.
@Derf- yeah, my wife and I have often talked about how it's getting to be that people can't just go someplace and use cash or a credit card... gotta have some absurdly expensive internet gizmo just to buy a sandwich in some places. Forget it... we ain't goin' there.
Once after my iPad had been hacked I got a fake message (either text message or email) saying my savings account at J.P. Morgan Bank had been suspended. Was directed to click on a link to resolve issue. Since I have never had a bank account at J.P. Morgan I knew it to be fake. However, I sometimes invest in J.P. Morgan funds or look up data on them. So the perpetrator probably had been tracking my internet searches.
I’ve also gotten a few phone calls or text messages telling me my Amazon account was suspended and to phone a number to clear this up. Also fake. And received a highly suspicious phone call from someone representing themselves as “calling on behalf of your Blue Cross provider” Along with “You are speaking on a recorded line.” Well, hate to be rude, but I promptly hung up! Not meant as a plug for Norton - but am not aware of any issues with my ipad since I installed their ant-virus.
I’m in my “golden years” and it’s a well known fact the scam artists target older people and sometimes hit the “jackpot.” Folks have had their life savings stolen through such practices. The one time my identity was stolen (10+ years ago) the police were able to trace the party back to Russia. Someone had created a fake yahoo email account very similar in name to the one I’d been using - just altering a single letter or number. And it must have slipped through the security net of PayPal or someone else I’d done business with. Once in the door the thieves will roam. And of course, Social Security numbers aren’t very confidential. They were frequently used on everything from summer employment forms to health care records to college entrance applications.
There was no further resolution of the identity theft except that Pay Pal and my local bank made me whole for the modest losses. I’ve been using Identity Guard ever since.
@hank, You can touch the sender address in Mail to reveal its email. If it is different from a legitimate sender (easily tell from strange address and extension), you can create a filter with that particular address so it will be discard automatically. Often the address tells they are coming from Eastern Europe, Russia and Middle East.
Also you can set up your iPhone that will only accept those phone numbers in your directory. Others would just go silent. if a legitimate call try to reach me, they may try more than once at which I may call back. This is quite effective with spam calls. Same applies to text messages.
I came across a good WSJ article on this issue. Unfortunately, cannot link it.
But most of these “hijackings” of iphones involve them being physically stolen after someone has observed the passcode being entered. In specific, bars are being targeted late at night and inebriated / drugged patrons a prime target. There are gangs of thieves who target certain bars. In some cases, the passcode entered by the owner was captured on a surveillance camera before the phone was stolen.
So I’d say - for starters - don’t get smashed in bars. And keep a tight grip on that phone when carrying it. A front shirt pocket that buttons securely shut would be my first choice. But yup - the repercussions from having a phone’s content breached are severe. Probably worse than losing a purse or wallet.
It's not surprising that gangs of thieves are targeting iPhone users. There can be considerable risk if a mobile phone is stolen or compromised. I refrain from banking/trading/paying bills via my iPhone and other mobile devices due to risk concerns. Find My iPhone can be used to remotely erase data after a number of failed passcode attempts. But this feature won't be useful if the passcode was captured via camera...
I just checked my device. You need to enable the “erase” function in settings. Wish you could set it to fewer than 10 errant attempts before that happens however. ISTM 5 attempts would be enough - unless you’re seriously mentally incapacitated or absolutely smashed out of your mind.
I suspect I’m like a lot of old farts that don’t like to carry a “live” phone in their pockets. So ringer is normally turned off & phone silenced. Family & acquaintances seem to respect my desire not to have a phone ring when driving, biking or relaxing outdoors at a beach resort in a warmer climate. E-mail, of course, is a decent alternative should getting in contact be important.
Some grocery stores are now posting 2 prices. (1) What you pay if you go online and “clip” the coupon from their website and (2) what everybody else pays. Since I don’t carry a phone when grocery shopping I’ve let them know what I think of their new approach. I’d imagine that if you did log in to their site you’d be inundated with ads and they’d try to scrape as much personal data as they could from your phone.
Newer cars have great built in security. Where I typically leave the phone when shopping. In warm weather I drop phone into an insulated sack or cooler along with 2 or 3 cold cans of my favorite beverage. You don’t want it exposed to near 100 degree heat for very long.
"Newer cars have great built in security. Where I typically leave the phone when shopping."
@hank- You'd better not try that in SF. For years tourists have been losing their phones and anything else of value by leaving their stuff in "locked" cars. It takes five seconds to break a door window and maybe 1 minute to grab anything of value. The most popular sites for this sort of thing are evidenced by small piles of broken glass from the car windows:
Life in the big city. If you think that I'm exaggerating, try DuckDuckGo "Images": "broken car window glass san francisco"
I should really just go back to using one of the earliest models of a flip phone because other than the Camera and Maps and Weather now and again that's 95% of my use. I use the phone mostly as a reference to see who was foolish enough to call me since close friends know I can't hear 75% of what they say unless they vary looking right at me when speaking.
But anyway, I find it odd that texting is against the law in most states. Missouri and Montana still allow it. So how is having an 8-10 screen on the dash ok? Some vehicles I understand project the screen image right on the windshield in front of the driver. That's not distracting? I'm an idiot.
Well … err … I guess they can bust into your car, house, or mug you somewhere if they want the phone bad enough. Good advice though. Wouldn’t leave it in the car more than an hour or two. I guess between breaking my car window or whacking me over the head somewhere to steal it I’d prefer their breaking the window. The Honda has great security let me tell you. I tried reaching through an open window once to open a door when it was sitting in the garage and set off an alarm!
Once I locked myself out of my old 2005 Silverado and called 911 for help. The cop showed up with a special tool and finally opened a door by going over the glass and physically tripping the inside latch. But he had a hell of a time doing so. Took 10 minutes or longer
One thought re modern cars’ electronic security … There might be some type of electronic device thieves could use designed to counteract that security. Not something most of us possess - but no doubt they exist..
BTW - OJ - Do you need any advice about buying a snowblower? Heard there’s several feet of snow out there.
@hank- Yeah, lots of snow for sure, but not around us, thank goodness. When I was a kid we did have a fair amount of snow, right in SF a couple of times. Our dog had no idea what it was, but he really loved the stuff. The Russian River that runs behind our Guerneville place isn't snow-fed, so while it can and does flood very impressively it's all from rain runoff. The house is up on twenty-foot cement pillars because of that, and so far the river at it's worst has used only ten of those twenty feet. Most of the neighbor's houses were also raised about the same amount, after the feds cancelled flood insurance about 25 years ago. Some recent Guerneville floods-
What you have to realize about the car break-ins is that window-breaking gizmos are widely sold, even in hardware stores- evidently they are sold as "safety" items to be used in an emergency to prevent being trapped inside vehicles. In SF we're not talking about "a" break-in- we're talking about dozens at a time, and the favorite vehicles are the new cars typically rented by tourists. They hit areas where tourists are found on a regular basis, and they can easily do five cars in five minutes, so your "hour or so" is more than enough time for them.
Most interesting. Appreciate the added information. Well … I’ll have to decide whether I want to risk losing the damn phone while shopping or having it stolen from vehicle. One hopes to be able to estimate the relative risks based on time of day & location. In any event, the car’s alarm would sound loudly. . Around here I haven’t heard of daytime auto break-ins. Sometimes there are reports of a series of auto thefts during a single night in a particular neighborhood. Often those cars were left unlocked.
I’ll say I took the phone to a large crowded gym in NYC not far from Times Square some years back. Was still running a bit on treadmills then and didn’t want it in my pocket. Damned if I didn’t leave it sitting in the tray on the machine after getting off. Remembered it about 10 minutes later and raced back from the locker room to retrieve it. Could easily have been stolen. It’s things like that that make me not want to carry it all the time. On the other hand, in 60 years of driving - dozens of different vehicles - I’ve never had a break-in or theft from one whether locked or not.
Ouch! Flooding like that can do a lot of damage. Sorry to see that.
Comments
Have used Apple devices (dozens of them) for near 20 years w/o a problem. Early on there was a 4-digit passcode. Now it’s 6-digits. But I’m paranoid about not losing a device. Lock it in the car rather than carrying it with me most of the time. (In hot weather I take steps to keep it out of direct heat).
There is a setting which when enabled instructs the device to erase all content after several unsuccessful attempts to input passcode. I leave that turned on. Always figured it was enough protection unless someone very sophisticated gets access to device. Article seems to reference a couple different IDs. There’s the 6-digit code to open device and read content. There’s also a more complex “Apple ID” needed to make changes to your account or sign in a new device.
Serious topic folks. We carry our entire life around in our pockets nowadays. Often we have information stored about others we may know as well.
@Mark Are you an Apple user?
I don't use the wallet app whatsoever despite Apple's incessant nagging to get me to set it up. I also confess to be driven absolutely dingy trying to wade through most of the Privacy & Security options/procedures. I always add extra to my tequila concoction whenever I dare to go there.
I dunno if there's somehow a connection, but I've been getting weird texts from Amazon telling me my account is suspended because of several failed attempts to log-in. "Please click on this link in order to re-activate your account before it is permanently suspended."
...But I do not have an Amazon account. I talked about it with my son, who shares the same surname, but not his "first" name. He told me he has an account but it's been sitting, inactive for a long time. Do they have me mixed up with him? Or do the f*****g HACKERS have me confused with him? I'll never know. Last time I got another text message was last night again, at about 11:00 p.m. here. I replied "stop" which usually works. We'll see. Technology marches on. Is it a blessing or a curse? The jury is still out.
You gave your text or email address to someplace you visited. And that someplace sold that address, along with sixteen thousand other people just like you, to some outfit which in turn sold the addresses of sixteen million other people just like you to some hacker.
Said hacker now sends all of you phony software-generated texts and emails purportedly from outfits from Amazon to Zillow, hoping to get you to respond to those and do something stupid, which will compromise your phone or computer and quite possibly cause you financial loss. Some very small percentage of people will fall for this crap, but that's enough to make it worth while.
It's pretty simple:
• Be very careful where you visit on the internet. Curiosity can definitely kill your cat.
• Immediately trash anything that isn't from an entity that you are absolutely certain has a legitimate reason to be sending you stuff. Examine the sender's address very closely. If it isn't exactly identical to previous traffic that you have received from this sender, there is a high chance that it's phony.
Point #2 "Be very careful where you visit on the internet. Curiosity can definitely kill your cat." 110 % agree on that comment.
Does the Apple phones come with a lock ? I use my finger print , just encase I lose my Android or someone five fingers it.
I did read the article from news print & found it interesting although it didn't relate to my life style.
Hank said ,"Unfortunately I’ve purchased an occasional Broadway ticket from some vendors which can’t be printed out - digital only." ( Will call window ?)
How in the sand hill do you attend without a smartphone ? Some ball parks are now cashless, another sand hill to contend with.
Seems most of us have a number tattooed to use one way or another.
Have a nice Sunday, Derf
Still we get spam emails and text messages and we keep blocking them by filters. Frustrating.
I’ve also gotten a few phone calls or text messages telling me my Amazon account was suspended and to phone a number to clear this up. Also fake. And received a highly suspicious phone call from someone representing themselves as “calling on behalf of your Blue Cross provider” Along with “You are speaking on a recorded line.” Well, hate to be rude, but I promptly hung up! Not meant as a plug for Norton - but am not aware of any issues with my ipad since I installed their ant-virus.
I’m in my “golden years” and it’s a well known fact the scam artists target older people and sometimes hit the “jackpot.” Folks have had their life savings stolen through such practices. The one time my identity was stolen (10+ years ago) the police were able to trace the party back to Russia. Someone had created a fake yahoo email account very similar in name to the one I’d been using - just altering a single letter or number. And it must have slipped through the security net of PayPal or someone else I’d done business with. Once in the door the thieves will roam. And of course, Social Security numbers aren’t very confidential. They were frequently used on everything from summer employment forms to health care records to college entrance applications.
There was no further resolution of the identity theft except that Pay Pal and my local bank made me whole for the modest losses. I’ve been using Identity Guard ever since.
You can touch the sender address in Mail to reveal its email. If it is different from a legitimate sender (easily tell from strange address and extension), you can create a filter with that particular address so it will be discard automatically. Often the address tells they are coming from Eastern Europe, Russia and Middle East.
Also you can set up your iPhone that will only accept those phone numbers in your directory. Others would just go silent. if a legitimate call try to reach me, they may try more than once at which I may call back. This is quite effective with spam calls. Same applies to text messages.
But most of these “hijackings” of iphones involve them being physically stolen after someone has observed the passcode being entered. In specific, bars are being targeted late at night and inebriated / drugged patrons a prime target. There are gangs of thieves who target certain bars. In some cases, the passcode entered by the owner was captured on a surveillance camera before the phone was stolen.
So I’d say - for starters - don’t get smashed in bars. And keep a tight grip on that phone when carrying it. A front shirt pocket that buttons securely shut would be my first choice. But yup - the repercussions from having a phone’s content breached are severe. Probably worse than losing a purse or wallet.
There can be considerable risk if a mobile phone is stolen or compromised.
I refrain from banking/trading/paying bills via my iPhone and other mobile devices due to risk concerns.
Find My iPhone can be used to remotely erase data after a number of failed passcode attempts.
But this feature won't be useful if the passcode was captured via camera...
I suspect I’m like a lot of old farts that don’t like to carry a “live” phone in their pockets. So ringer is normally turned off & phone silenced. Family & acquaintances seem to respect my desire not to have a phone ring when driving, biking or relaxing outdoors at a beach resort in a warmer climate. E-mail, of course, is a decent alternative should getting in contact be important.
Some grocery stores are now posting 2 prices. (1) What you pay if you go online and “clip” the coupon from their website and (2) what everybody else pays. Since I don’t carry a phone when grocery shopping I’ve let them know what I think of their new approach. I’d imagine that if you did log in to their site you’d be inundated with ads and they’d try to scrape as much personal data as they could from your phone.
Newer cars have great built in security. Where I typically leave the phone when shopping. In warm weather I drop phone into an insulated sack or cooler along with 2 or 3 cold cans of my favorite beverage. You don’t want it exposed to near 100 degree heat for very long.
@hank- You'd better not try that in SF. For years tourists have been losing their phones and anything else of value by leaving their stuff in "locked" cars. It takes five seconds to break a door window and maybe 1 minute to grab anything of value. The most popular sites for this sort of thing are evidenced by small piles of broken glass from the car windows:
Life in the big city. If you think that I'm exaggerating, try DuckDuckGo "Images":
"broken car window glass san francisco"
But anyway, I find it odd that texting is against the law in most states. Missouri and Montana still allow it. So how is having an 8-10 screen on the dash ok? Some vehicles I understand project the screen image right on the windshield in front of the driver. That's not distracting? I'm an idiot.
Well … err … I guess they can bust into your car, house, or mug you somewhere if they want the phone bad enough. Good advice though. Wouldn’t leave it in the car more than an hour or two. I guess between breaking my car window or whacking me over the head somewhere to steal it I’d prefer their breaking the window. The Honda has great security let me tell you. I tried reaching through an open window once to open a door when it was sitting in the garage and set off an alarm!
Once I locked myself out of my old 2005 Silverado and called 911 for help. The cop showed up with a special tool and finally opened a door by going over the glass and physically tripping the inside latch. But he had a hell of a time doing so. Took 10 minutes or longer
One thought re modern cars’ electronic security … There might be some type of electronic device thieves could use designed to counteract that security. Not something most of us possess - but no doubt they exist..
BTW - OJ - Do you need any advice about buying a snowblower? Heard there’s several feet of snow out there.
Some recent Guerneville floods-
What you have to realize about the car break-ins is that window-breaking gizmos are widely sold, even in hardware stores- evidently they are sold as "safety" items to be used in an emergency to prevent being trapped inside vehicles. In SF we're not talking about "a" break-in- we're talking about dozens at a time, and the favorite vehicles are the new cars typically rented by tourists. They hit areas where tourists are found on a regular basis, and they can easily do five cars in five minutes, so your "hour or so" is more than enough time for them.
Most interesting. Appreciate the added information. Well … I’ll have to decide whether I want to risk losing the damn phone while shopping or having it stolen from vehicle. One hopes to be able to estimate the relative risks based on time of day & location. In any event, the car’s alarm would sound loudly. . Around here I haven’t heard of daytime auto break-ins. Sometimes there are reports of a series of auto thefts during a single night in a particular neighborhood. Often those cars were left unlocked.
I’ll say I took the phone to a large crowded gym in NYC not far from Times Square some years back. Was still running a bit on treadmills then and didn’t want it in my pocket. Damned if I didn’t leave it sitting in the tray on the machine after getting off. Remembered it about 10 minutes later and raced back from the locker room to retrieve it. Could easily have been stolen. It’s things like that that make me not want to carry it all the time. On the other hand, in 60 years of driving - dozens of different vehicles - I’ve never had a break-in or theft from one whether locked or not.
Ouch! Flooding like that can do a lot of damage. Sorry to see that.