Defending against iCloud takeover if your phone is stolen

24 Oct 2023 21:02 | iOS | iphone | security

Another security issue that's been rising in recent years is the advent of
organised criminals shoulder-surfing iPhone passcodes in order to then later
steal the phone and take over the iCloud account.

Unfortunate victims are then locked out of their account forever, losing
precious iCloud data such as photos of their kids.

There are some steps you can take to protect yourself, such as using a
longer/more complex passcode and being very careful where you type it to ensure
nobody can see over your shoulder.

But what if the phone is snatched in an unlocked state? This could happen to
anyone, where I work it's quite common for thieves on mopeds to swipe phones out
of peoples hands. An unlocked iPhone is a disaster waiting to happen in the
hands of a thief, it's likely they can use your email to gain access to your
iCloud account and compromise it permanently.

I was mulling this over and realised that it's possible to construct a fairly
robust defence against this using the Shortcuts app. After a bit of playing
around I was able to create a shortcut that would lock the phone whenever any of
a list of apps were opened. With FaceID this is a fairly minor inconvenience,
just have to wait a couple of seconds for it to unlock and swipe up to continue
using the app.

If you configure this to happen when the Settings app is opened you will likely
likely thwart most thieves. As soon as they go to Settings to change the iCloud
password they'll be locked out of the phone and not be able to do anything with