Defending against iCloud takeover if your phone is stolen

24 Oct 2023 21:02 | iOS | iphone | security

Another security issue that’s been rising in recent years is the advent of organised criminals shoulder-surfing iPhone passcodes in order to then later steal the phone and take over the iCloud account.

Unfortunate victims are then locked out of their account forever, losing precious iCloud data such as photos of their kids.

There are some steps you can take to protect yourself, such as using a longer/more complex passcode and being very careful where you type it to ensure nobody can see over your shoulder.

But what if the phone is snatched in an unlocked state? This could happen to anyone, where I work it’s quite common for thieves on mopeds to swipe phones out of peoples hands. An unlocked iPhone is a disaster waiting to happen in the hands of a thief, it’s likely they can use your email to gain access to your iCloud account and compromise it permanently.

I was mulling this over and realised that it’s possible to construct a fairly robust defence against this using the Shortcuts app. After a bit of playing around I was able to create a shortcut that would lock the phone whenever any of a list of apps were opened. With FaceID this is a fairly minor inconvenience, just have to wait a couple of seconds for it to unlock and swipe up to continue using the app.

If you configure this to happen when the Settings app is opened you will likely likely thwart most thieves. As soon as they go to Settings to change the iCloud password they’ll be locked out of the phone and not be able to do anything with it.