this post was submitted on 06 Jun 2024
909 points (97.8% liked)

Technology

59534 readers
3223 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

This is a very entertaining and educational article, giving insights into the methods used by thiefs to try and get access to your phone data.

I don't like Apple but it's great that their security is so good when it comes to this.

you are viewing a single comment's thread
view the rest of the comments
[–] Wogi@lemmy.world 23 points 5 months ago (7 children)

I also fucking hate Apple, with the same seething rage that redhats hate Windows, and I too must admit this is shockingly effective security.

[–] RidcullyTheBrown@lemmy.world 9 points 5 months ago (2 children)

Is it though? The author of this article knows what they're doing, but a regular person would probably not be as relaxed with some of the threats. I didn't see this in the article, how does the thief have the ability to contact the victim?

[–] bloodfart@lemmy.ml 6 points 5 months ago (1 children)

when you end up with someones iphone (or mac or ipad or whatever) and you want to wipe it, the computer needs you to enter the credentials of their icloud account. it tells you whose icloud credentials you need, just like having the username entered but asking for the password.

icloud usernames can be used to send imessages to the owner of the account, like you could call someone with their phone number or IM them with their screen name.

the idea is that a thief ought not be able to just wipe and repurpose a stolen device but a gifted or purchased device should provide a method to contact the person so the new owner can wipe it.

it works pretty good because if a local thief contacts you trying to get you to let them have your device you can call the cops and you already have a line of contact with the person who has the stolen goods so the police can't even say "yeah whatever, we don't care, its gone heres some tissues" and it's very easy to track them down. it also works great if you buy a used device from someone and they won't clear it to wipe because if you have a transaction record like on ebay or facebook marketplace or something you can also go to the authorities and say "hey, i bought this, here's proof, and the person i bought it from won't relinquish ownership of it"

what happens now is thieves ship a bunch of phones off to somewhere outside the juristiction of the victims governments and then they break em down to be sold for parts. now there's nothing the authorities can do and the thieves accomplices can try to socially engineer the victims into giving them what they want with impunity.

that's whats happening in the linked article, the victim is being harassed by whoever bought their phone from a thief.

[–] RidcullyTheBrown@lemmy.world 1 points 5 months ago (1 children)

Sure. My point was that exposing someone to scams like social engineering is really really bad and far less desirable than keeping an open line of communication for a purchase

[–] bloodfart@lemmy.ml 1 points 5 months ago (1 children)

Eh, I think the alternative is worse. If you could wipe stolen phones with impunity they’d be even more of a theft and fraud target than they already are and if they were just locked down with no way out then it’d be more wasteful than it already is.

[–] RidcullyTheBrown@lemmy.world 1 points 5 months ago (1 children)

my experience with iCloud is pretty bad. I worked in a startup at some point which was giving Macs to employees and sort of expected them to figure it out. We had a few people quit and that's when we figured out that the macs became shiny useless things since we didn't have access to wipe the associated account and Apple didn't help in any way. So, from my experience, this is a horrible "feature".

Now i find out that it's even worse and it gives 3rd parties means to harass you... I really think that avoiding theft comes at a far to high a price

[–] bloodfart@lemmy.ml 1 points 5 months ago

lol that sucks for the company but that’s what you get when you don’t use some kind of MDM scheme to retain control over assets. It’s especially costly to learn this lesson with Macs though.

I repair and resell scrap computers and if you’re able to prove ownership or have a business that repairs or otherwise handles Mac computers the people at the Apple Store will disable the lock for you. They take down your name and tax id and stuff though, so there’s some accountability, and it’s not easy to get to that point when you look like a greaseball and aren’t a member of apples authorized repair program. Ask me how I know lol.

Tbh it’s no different than a Chromebook or windows laptop that shows the owners email based username (in the case of windows computers with Microsoft ids it shows the users real name as well!) at the login screen, except that you can’t wipe it and resell it.

[–] Wogi@lemmy.world 2 points 5 months ago

Oh it could be better for sure. But he's got access to all the messages and data, getting a number at that point is probably trivial.

load more comments (4 replies)