this post was submitted on 06 Jun 2024
909 points (97.8% liked)

Technology

59534 readers
3197 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

This is a very entertaining and educational article, giving insights into the methods used by thiefs to try and get access to your phone data.

I don't like Apple but it's great that their security is so good when it comes to this.

you are viewing a single comment's thread
view the rest of the comments
[–] mx_smith@lemmy.world 55 points 5 months ago (3 children)

I’m confused, in the article he said it was a brick to whoever has his stolen phone. How did they get his phone number to send him text messages? Did they crack the passcode and needed the iCloud password?

[–] jonne@infosec.pub 60 points 5 months ago (1 children)

I think when you remotely wipe the phone you can make it show a message with your phone number, in case you're actually a honest person that found the phone instead of a thief.

[–] Dashi@lemmy.world 23 points 5 months ago* (last edited 5 months ago) (1 children)

In the response posts to the article someone said they got the icloud address via reset request which you can use in iMessage.

Not an i phone person so i can't verify but thought id pass that along.

[–] mx_smith@lemmy.world 12 points 5 months ago

That’s interesting, never thought of that as an attack vector.

[–] jjagaimo@lemmy.ca 28 points 5 months ago (2 children)

The phone itself (by IMEI) is a brick. The sim and same phone number were assigned to a new phone and they texted that number

[–] Xatolos@reddthat.com 20 points 5 months ago (1 children)

Issue here is the iPhone 14 USA models are all e-Sim. They don't have sim cards to remove. The article says it was a iPhone 14 Pro.

[–] jjagaimo@lemmy.ca 20 points 5 months ago* (last edited 5 months ago) (1 children)

Typically if you report the phone stolen to your provider they blacklist the IMEI which gets shared with other providers so the phone can no longer be used. I was unclear on this part but a new e-sim can be provided for the new phone, and the old sim banned or the old one transferred. Regardless, the old phone will still show the IMEI/sim/phone number, which is how they got that to text them

[–] Aux@lemmy.world 1 points 5 months ago

IMEI doesn't mean shit, you can easily change it and no one really blacklists them. The iPhone is bricked on a hardware level through iCloud.

[–] mx_smith@lemmy.world 5 points 5 months ago (1 children)

So they took the SIM card out and got the phone number from that? I guess I didn’t realize you could do that.

[–] Allero@lemmy.today 9 points 5 months ago (3 children)

Yes, it's the SIM card that carries your number and may also carry data on your contacts if you save it there.

[–] n0clue@lemmy.world 6 points 5 months ago

They almost definitely got this info by simply having the IMEI, which is printed on the back and can definitely be accessed in whatever Apple calls their service mode though.

[–] XTL@sopuli.xyz 3 points 5 months ago (2 children)

And has had a PIN lock from the start. Doesn't help if you leave it as 1234, though.

[–] mx_smith@lemmy.world 2 points 5 months ago (1 children)

How would you set that pin on a SIM card in an iPhone?

[–] RememberTheApollo_@lemmy.world 7 points 5 months ago (1 children)

On iOS:

Settings > cellular > SIM PIN

[–] mx_smith@lemmy.world 3 points 5 months ago (1 children)
[–] RememberTheApollo_@lemmy.world 2 points 5 months ago

Very welcome. Glad to help.

[–] Allero@lemmy.today 1 points 5 months ago

True, although this option loses popularity over the years.

[–] Emerald@lemmy.world 1 points 5 months ago

And you can use that phone number to find their full name and address.