this post was submitted on 06 Jun 2024

Technology


This is a very entertaining and educational article, giving insights into the methods used by thieves to try and get access to your phone data.

I don't like Apple but it's great that their security is so good when it comes to this.

[–] mx_smith@lemmy.world 0 points 5 months ago (5 children)

I’m confused, in the article he said it was a brick to whoever has his stolen phone. How did they get his phone number to send him text messages? Did they crack the passcode and needed the iCloud password?

[–] jjagaimo@lemmy.ca 0 points 5 months ago (2 children)

The phone itself (by IMEI) is a brick. The sim and same phone number were assigned to a new phone and they texted that number

[–] mx_smith@lemmy.world 0 points 5 months ago (1 children)

So they took the SIM card out and got the phone number from that? I guess I didn’t realize you could do that.

[–] Allero@lemmy.today 0 points 5 months ago (2 children)

Yes, it's the SIM card that carries your number and may also carry data on your contacts if you save it there.

[–] XTL@sopuli.xyz 0 points 5 months ago (1 children)

And has had a PIN lock from the start. Doesn't help if you leave it as 1234, though.

[–] mx_smith@lemmy.world 0 points 5 months ago (3 children)

How would you set that pin on a SIM card in an iPhone?

[–] n0clue@lemmy.world 0 points 5 months ago

They almost definitely got this info by simply having the IMEI, which is printed on the back and can definitely be accessed in whatever Apple calls their service mode though.

[–] Xatolos@reddthat.com 0 points 5 months ago (1 children)

Issue here is the iPhone 14 USA models are all e-Sim. They don't have sim cards to remove. The article says it was an iPhone 14 Pro.

[–] Aralakh@lemmy.ca 0 points 5 months ago (2 children)

Whoa that was a wild ride, worth the read. It's a sad market that exists, great to see Apple's privacy and security at work (as an Android user even).

[–] morrowind@lemmy.ml 0 points 5 months ago (1 children)

Honestly I'm scared of when these people figure out they can use LLMs to make their texts look like less obvious scams

[–] Dipbeneaththelasers@lemmy.today 0 points 5 months ago (3 children)

Often scammers don't want to make it less obvious. If it's obvious and the mark falls for it, it's a good indicator they're on the hook and will fall for more. It's to filter out the less gullible so the scammer doesn't waste their time. Probably not the case with this situation specifically, but it holds true in general with scams.

[–] brbposting@sh.itjust.works 0 points 5 months ago

> Probably not the case with this situation specifically

Yeah :( High-value item already in hand, never a need to guide somebody which store to buy the giftcard at or what to say to the bank teller…

[–] MeekerThanBeaker@lemmy.world 0 points 5 months ago

True. But also true is that a majority of scammers are simply not smart and/or English is not their native language. A phishing email/text that might look good to them, can look really bad to others.

But still, people still fall for the obvious phishing attacks. AI is going to make the phishing appear more legit.

[–] Nurse_Robot@lemmy.world 0 points 5 months ago (8 children)

As much as I love my android phone, I have to admit Apple takes privacy and security much more seriously.

[–] themoonisacheese@sh.itjust.works 0 points 5 months ago (4 children)

How so? A Samsung or pixel with default settings would also behave that way, possibly even more securely because it wouldn't show the thieves your number.

[–] jol@discuss.tchncs.de 0 points 5 months ago

As far as I know factory resetting an android phone is relatively easy without having access to the device. But it's been a while since I've looked into that.

[–] Nurse_Robot@lemmy.world 0 points 5 months ago* (last edited 5 months ago) (9 children)

I guess just anecdotally. I have a pixel 7, I'm pretty confident I could factory reset the device without 3rd party authentication. Also, from the tech channels I follow, I think I could recover my data if I forgot the password. Android has always felt more "free" and customizable, and I love it for that. But I also think that freedom allows for more exploits. It's a trade off that's worth it to me, personally. But if I had illegal shit to hide on my phone, I'd probably do it on an apple device.

Edit: just checked. I can completely bypass all my locked down Google Pixel settings to factory reset my phone pretty easily if I press the right keys in the right order. It would be pretty easy to steal and resell my phone.

[–] Yamayo@lemmy.world 0 points 5 months ago (3 children)

> Edit: just checked. I can completely bypass all my locked down Google Pixel settings to factory reset my phone pretty easily if I press the right keys in the right order. It would be pretty easy to steal and resell my phone.

Mind to share what "Keys in the right order" are? I mean a link, of course, because in my experience you just can't do that with a locked bootloader.

[–] avidamoeba@lemmy.ca 0 points 5 months ago (1 children)

You can factory reset it easily. You can't use it without the previous Google account credentials afterwards. You can't reuse a stolen Pixel which has Google account logged into it.

[–] wreckedcarzz@lemmy.world 0 points 5 months ago

Ding ding ding, I can confirm this. I thought it was for all devices, but I guess not.

[–] lurch@sh.itjust.works 0 points 5 months ago

AFAIK you can't wipe the IMEI and if you report it stolen to providers they will block it from using their networks. (It will only be able to use wifi.)

[–] Shadow@lemmy.ca 0 points 5 months ago (2 children)

Same for Samsung afaik. Pop into the bootloader and just wipe everything.

[–] lurch@sh.itjust.works 0 points 5 months ago

AFAIK you can't wipe the IMEI and if you report it stolen to providers they will block it from using their networks. (It will only be able to use wifi.)

[–] Thatuserguy@lemmy.world 0 points 5 months ago (1 children)

For what it's worth, they're trying to fix that with Android 15. Not sure if this is one of the features they'll also be back porting to older phones too like this article briefly touches on, but either way it sounds like if you factory reset the phone, it can't be set up again unless they know your login: https://www.wired.com/story/android-15-theft-detection-lock/

> Google says in a blog post, the company is adding four data protection features that can help keep your information locked down. The first stops your phone from being set up after a factory reset, unless the person knows your login details. “This renders a stolen device unsellable, reducing incentives for phone theft,” Google vice president Suzanne Frey writes.

[–] technohacker@programming.dev 0 points 5 months ago (2 children)

Doesn't that already exist as the Factory Reset Protection (FRP) partition?

[–] Thatuserguy@lemmy.world 0 points 5 months ago

Honestly not too familiar with that. I imagine if they're touting this as a new thing, FRP either does something different or was lacking compared to this in some way.

Though it is Google, they could have just killed FRP in favor of this and added messaging features like they do with everything else

[–] wreckedcarzz@lemmy.world 0 points 5 months ago (1 children)

Yeah, I've had to wipe pixel devices the dirty way and it prompts (requires) your credentials to continue. Maybe it's a pixel exclusive, and others are getting it via a15?

[–] wreckedcarzz@lemmy.world 0 points 5 months ago (1 children)

If you do it the manual way - not unlocking the phone and doing it through settings - you can wipe it sure, but when you try to set it up it requires the prior Google account credentials to proceed. No creds, no passing go, just a shiny brick. It's been like that for years.

Also might I recommend you take a gander at GrapheneOS for more intense security capabilities than stock.

[–] steersman2484@sh.itjust.works 0 points 5 months ago* (last edited 5 months ago) (2 children)

The encryption on Android devices is pretty strong, as long as you use a good screen lock you should be fine. Yes they can reset your phone, but accessing your data is a whole other level.

If I had illegal shit on my phone, I wouldn't send it to apple servers by using an iPhone. They are the first who would comply with a subpoena. I'd use GrapheneOS on a Pixel and use an obvious duress pin like 1234. If entered it wipes your encryption keys and avoids restoring your data.

And if it gets stolen, it is gone and I'd get a new one. This is the cost of having proper opsec.

Edit:

> But I also think that freedom allows for more exploits.

This is a common misconception called security through obscurity

[–] TrickDacy@lemmy.world 0 points 5 months ago* (last edited 5 months ago) (4 children)

As everyone is pointing out you're just wrong about this.

Also apple is overbearing AF. I recently had several back and forths with my IT department about an old company mac laptop I used to have. Since I had signed into my apple account once, Apple permanently tied that laptop to my account and wouldn't allow the fucking IT department to fully wipe it.

Keep in mind also that I would have preferred to not have or use an apple account (they kind of force it on you, even asking you to login to iCloud constantly even if you've literally never used it once), and even though I could login to the apple account in my browser and see that the laptop wasn't listed under my devices, IT was still locked out.

Literally the only way to fix this was giving the IT dept my apple password so they could authenticate then sign out of it. There was nothing I could do remotely about it. This is a security issue in itself. Zero reason I shouldn't be able to use my account remotely to remove or sign that device out. Zero reason I should have to give my password to another human. Except for apple being shit.

The apple security theater is widely believed but it's still largely theater.

[–] matthewc@lemmy.world 0 points 5 months ago (5 children)

Your post details how it isn’t possible for IT professionals to wipe a Mac without the consent of the owner’s account. How is that security theater?

[–] TrickDacy@lemmy.world 0 points 5 months ago* (last edited 5 months ago) (23 children)

You missed the part where I had to give my password to another human.

Also, I wasn't the owner, they are. Also, again, it makes zero sense to not allow me to sign it out remotely.

Nothing is secure about a system designed so poorly you have to give out your password. That should never be needed.

Not to mention, I never wanted or needed to sign in. I was just nagged to do so 100 times so I relented. Nothing about that means I own the device.

[–] fushuan@lemm.ee 0 points 5 months ago (1 children)

It's more about the fact that they didn't have a webpage in their apple account where they could remotely log out, and the IT department had the physical computer so they had to either move to the department or give the department their personal password, which is bogus. Being able to remotely log out of the computer doesn't seem to be that big of an ask.

I get that the computer should remain locked if there's no internet, but once the computer gains connectivity it should unlock if it was logged out in the user page.

[–] matthewc@lemmy.world 0 points 5 months ago

I see what you’re saying. I agree that users should be able to remove device locks remotely. You can with iPhones. Hopefully that moves to all devices.

I still prefer this to not having the lock at all.

[–] Juvyn00b@lemmy.world 0 points 5 months ago (2 children)

I get this as being a bit of a hurdle, but wouldn't a good option in hindsight be to create a separate work related apple account based on your work email? I've done that in the past with various companies for iPhones and MacBooks. Makes it cleaner to return the device and doesn't compromise my personal account should they ultimately need my credentials on the non-owned-by-me device.

[–] muntedcrocodile@lemm.ee 0 points 5 months ago

I'm pretty sure u can't fuck with a device that has a locked bootloader without unlocking said bootloader which requires u know the password. And u definitely can't recover data without passcode unless u can extract the hash from whatever chip holds it (shouldn't be possible if u have a TPM) and bruteforce it. Ur data should be encrypted and u shouldn't be able to tamper with os without unlocking bootloader which once unlocked will wipe all device data. Might be possible if u do some dodgy power injection directly into some of the chips but that's pretty advanced stuff.

[–] SeaJ@lemm.ee 0 points 5 months ago (2 children)

You can fairly easily factory reset phones from both. While you can report your phone as stolen and the IMEI will be blacklisted on US carriers, it would probably work fine abroad.

[–] Merlin@lemm.ee 0 points 5 months ago

Don’t think Apple security is much better. I’ve read news before about insiders that will unlock stolen phones. They work closely with the criminals and it’s a more “professional” operation. Probably it’s not as easy as doing it for an android but having an iPhone and thinking that if someone steals yours it will just become a paperweight is wrong. Sadly

[–] 0x0@programming.dev 0 points 5 months ago (3 children)

Security yes, but privacy not so much...

[–] mholiv@lemmy.world 0 points 5 months ago (15 children)

Compared to any android phone the privacy is substantially better. Apple is in the business of selling overpriced phones. Google is in the data collection business.

[–] hedgehog@ttrpg.network 0 points 5 months ago (5 children)

If you’re talking about a stock Android OS on anything other than a Pixel, iOS wins in both regards. Stock on a Pixel, I don’t know that Apple is more secure, but if you’re installing apps via Google Play that use Google Play Services, iOS is certainly more private. Vs GrapheneOS on a Pixel, iOS is less private by far.

[–] MonkderDritte@feddit.de 0 points 5 months ago* (last edited 5 months ago) (2 children)

Better than bad is not good.

[–] hedgehog@ttrpg.network 0 points 5 months ago

Better than bad is still “better.”

[–] brbposting@sh.itjust.works 0 points 5 months ago* (last edited 5 months ago) (13 children)

Ugh! It’s outta control.

Does anybody have ideas for an anti-pick-pocketing solution they'd like to share? I might have to start a community for it. Or maybe you know some forums where designers who may be interested might be hanging out.

Requirements:

  • retrofit almost any front pants/shorts pocket
  • allow for near instant access (allowing for e.g. snapping a photo before the moment passes)
  • one-handed access
  • mechanical/passive: non-battery operated or fails in “unlocked” mode
  • if not locked to owner’s hand (or say a finger-worn key), makes removal feel obvious
  • automatically resets (resilient & inebriated person approved)
  • ideally works with any phone case
  • relatively inexpensive, and potentially even open source and/or 3D printable

Lately been imagining something like this, kinda… not really, and with only 2-3 fins:

so you gotta pull your phone out in a way that stretches the pocket to max width and one fin noticeably rubs against your leg.

Doesn’t meet all the requirements but also thought about a long and wide strip of cloth sewn at the bottom of a pocket that you could tuck into your waistband.

Edit: aware of one existing solution but not a huge fan

[–] MossyFeathers@pawb.social 0 points 5 months ago (1 children)

Oh my god, wallet chains are going to make a comeback, but for phones this time.

[–] wreckedcarzz@lemmy.world 0 points 5 months ago

Next: pants sagging so much I can see 4" of crack

ahh the 00s

[–] pineapplelover@lemm.ee 0 points 5 months ago (3 children)

Also might wanna try to just bring a cheap phone you wouldn't mind to lose just in case you do manage to lose it. Back up your data so if it does go missing you'll have the memories.

[–] kablammy@sh.itjust.works 0 points 5 months ago

Velcro sewn to just inside the top of your pocket, so sticking a hand in your pocket makes a loud noise and you can feel it, for any pickpocket to separate the velcro.

[–] boyi@lemmy.sdf.org 0 points 5 months ago

> the methods used by thiefs to try and get access to your phone data.

It is not about accessing the data but to disassociate the current user from the phone so that the thief can reset the phone or/and its components for new users.
