In the ever-evolving landscape of digital security, Apple has taken another stride towards fortifying its users’ privacy with the introduction of the “Stolen Device Protection” feature in the latest iOS 17.3 developer beta. While the tech giant has long prided itself on the security measures embedded in its devices, a recent incident highlighted a vulnerability, prompting the development of this new layer of defense.
Earlier this year, a Wall Street Journal investigation shed light on a concerning exploit where thieves could reset iCloud passwords on stolen iPhones, gaining access to not only the device but also the associated Apple ID. The method involved knowledge of the victim’s iPhone passcode, a detail easily obtained by those observant enough to spy during the password input. Although Apple has always recommended best practices for securing one’s device, such as using alphanumeric passwords and avoiding password entry in public spaces, these measures were not foolproof.
Responding to this potential security loophole, Apple has unveiled the Stolen Device Protection feature, a significant addition to iOS 17.3. This feature, when activated, mandates the use of Face ID or Touch ID for specific actions, creating an additional layer of authentication beyond the conventional passcode.
The range of actions now safeguarded by Stolen Device Protection is extensive. Face ID or Touch ID authentication is required for accessing passwords and passkeys, making purchases with stored cards in Safari, applying for an Apple Card, viewing the digital Apple Card, erasing device content and settings, executing certain actions in Apple Cash and Savings in Wallet, disabling Lost Mode, and using the iPhone for setting up a new device.
Furthermore, certain critical functions now necessitate Face ID or Touch ID and involve a one-hour delay for added security. These actions encompass changing the Apple ID password, updating specific Apple ID account security settings, modifying the iPhone passcode, adjusting Face ID or Touch ID settings, turning off Find My, and deactivating Stolen Device Protection itself.
A crucial aspect of this enhanced security measure is the elimination of the passcode entry option in case Face ID or Touch ID authentication fails. Users are likely to have the opportunity to retry the scan, accommodating scenarios such as forgotten passwords or Face ID not registering due to external factors. However, malicious attempts to gain unauthorized access are thwarted, as the passcode entry alternative is strictly unavailable.
Enabling Stolen Device Protection is a straightforward process for users with iOS 17.3 or newer. By navigating to Settings > Face ID & Passcode > Stolen Device Protection, users can activate this feature. For those participating in the beta version, a pop-up may prompt them to test the functionality. However, users on the public release of iOS 17.3 will not receive this invitation.
It is worth noting that should users decide to disable the Stolen Device Protection feature, they will encounter a one-hour delay. This intentional delay serves as an additional precautionary measure, deterring potential unauthorized attempts to disable the security feature.
The introduction of Stolen Device Protection underscores Apple’s ongoing commitment to enhancing user privacy and security. As technology advances, so do the threats and vulnerabilities, making it imperative for companies like Apple to stay vigilant and proactive in safeguarding their users’ digital lives. The incorporation of biometric authentication and delayed access to critical functions represents a significant step towards fortifying the walls that protect sensitive user data, reinforcing Apple’s reputation as a trailblazer in prioritizing user privacy. As iOS 17.3 progresses through development, users can anticipate a more robust and resilient defence against potential security breaches.