Your iPhone has a MAJOR security problem (5 tips to keep you safe)

📧 Want a FREE weekly dose of Tech News, Hints and Tips? Sign up for my newsletter!

ProperHonestTech

The other thing that is important is to take a screen shot of the “about” page, specifically the IMEI number(s) and keep that on some one else’s phone. This is the number that the cell system uses to track where your phone. You send this number to the Police and they can see where your phone is and block it out of the cell system.
This used to be a thing we all should do but it is forgotten.
I am going to do what the previous commenter said too.

williambunting

The problem is not the passcode, but that you can reset your apple-ID with it rather than to type in your apple-ID password.

CB-yhov

Apple should bring back Touch ID as a secondary unlock system which can be on the side button, similar to the 10th gen iPad top button. Maybe starting with iPhone 15. Passcode should be used only as a last resort and that too when you are not in a crowd.

ravi

Also, I have complained to Apple for ages that it makes no sense for a two factor code to be sent in a message to the device you request it on. It *should* be sent to your other devices excluding the one its requested on. Implementation of this would be easy - either a special category of message or, since they read the messages (are they encrypted?) so the system can know its a 2fa code they can pre-empt and disable delivery for such a message to the requesting device.

josephfredbill

Just a simple security question to a well chosen answer would do the trick

katebeedot

Fully support your suggestions. My rule of thumb is not to use passcode ever when in a public place. Even udring Covid I would rather wait for login until out of a group of strangers then while in it.

What I do not understand is: to access passwords on Safari on the computer you need the admin password but you do not on the phone. Why not use the admin password also on the phone

tesla-spectre

I have a security background and as recently migrating from Android phone to iPhone. I noticed this vulnerability right away. Fortunately, I have always relied on third-party software for backup storage and password management, so will continue this approach. Made me acutely aware that now I have a target on my back as an iPhone user. Best thing to do is be very discrete about where and when you use this device - and change login method based on your vulnerability. Before going to a bar or on vacation, change to fingerprint or face recognition - you can always change it back later.

swanstevenson

Thanks for highlighting this. Lost a phone on a train some years back and, as far as I'm aware, it wasn't actually compromised as I've always used a 10 character alphanumeric code. By the time I'd got home to check, whoever had picked it up had already switched it off as Find My couldn't locate it (and never did subsequently). Battery was fully charged when I left home so switching it off it was a deliberate attempt to avoid detection.

jkennan

Scary indeed! Thank you so much for this video and your suggestions. Especially not being aware of the problem is the biggest danger.

rachelio

Biggest thing, and not that hard of a change, the access code to your Apple Device should be for access only. Not for changing passwords or settings. And Settings > Password should be behind a code/password/biometric that is NOT the access code. BTW - a lot of this also affects Android. You’re not safe there either.

Dk-qfdd

great video tom! thank you for making such great content for us. I wanted to share an idea though... we do need an app lock feature on iPhones and there should be a feature that asks for a passcode whenever you try to turn off your iPhone. That way, if your phone is stolen and if you have an E-SIM, it would be nearly impossible for the thief to turn off your iPhone. And because of this you can easily trace the location of your iPhone. :).

Arsalan_

Another way to prevent this from happening or at least a method to slow them down is as follows.

Open Settings - Screen Time - Content & Privacy Restrictions - scroll down to Allow Changes - select don’t allow changes to passwords & account changes.

Remember these guys probably know what they are doing but this should buy you enough time to be able to lock your phone and report it as stolen from the find my app.

Hopefully this doesn’t happen to anyone here but it’s never to late to take these precautions.

Flavius_Tanigoi

Odd for them to not require the existing password in full to change it.

adammachin

Great video Tom! IMO, In order to change your iPhone passcode, Apple should require you to enter your Apple ID password.

billyg

I love Face ID, but my only complaint is that we cannot set the number of face ID failures before having to enter the passcode. it’s very easy to have a friend look at your screen and trigger one or two failures of face ID simply by accident. It seems it should be easy for Apple to have a setting where we can determine the number of face ID failures up to maybe four. That way it would be highly unlikely. We would need to enter the passcode in almost any situation.

cnyphotovideo

I set my iCloud sign in on a YubiKey. I also go into Screen Time and set not allow to account changes and a few other things and set up a different pin for screen time. That locks out my profile on device unless they know that pin.

michaels

11:38 You have better options for storing data. Apps like Scanner Pro (I just happen to use this one myself) allow for additional passcodes, so your scans are safe. Also, Disk Decipher is a great option to have encrypted storage on your phone - or your NAS - that also works on your computer! Makes sharing sensitive data easy and safe!

TheBrilliantShadow

Hope below steps will be useful to prevent the iPhone password change or iCloud password change even if someone knows your iPhone pin:

Part A: Update you iPhone to latest iOS:

Part B: Set screen time password:
1. Go to Settings > Screen Time.
2. Set screen time password.

Part C: Lock password and account change:
1. Launch the Settings app.
2. Tap Screen Time → Content and Privacy Restrictions.
3. Toggle on Content & Privacy Restrictions.
4. Now, scroll down to the ALLOW CHANGES menu and choose Passcode Changes.
5. Select the Don’t Allow option.
6. Similarly, tap the Back button to go to the previous interface. Then repeat the same exercise for Account Changes.

RaviGupta-TheRadiant

Glad you made this Apple security warning. I am shocked that Apple is not doing anything to change it.
Why not use a two device identification to prevent ID theft. The 2nd device would have the deciding authentication confirmation factor. Or call Apple to give verbal answers to preset authentication questions.

TexasKid