PDA

View Full Version : How to unlock stolen iiPhone 6s...



Cr00zng
03-01-2017, 10:00 AM
Interesting article for the process of unlocking stolen iPhone 6s without credentials, scenario that a thief would use, presumably would work on other iPhones as well:

https://www.linkedin.com/pulse/sin-card-how-criminals-unlocked-stolen-iphone-6s-renato-marinho

*LinkedIn account required...

The process relies on:


Discover phone number (move the SIM card to an unlocked iPhone)
Find the full name of the iPhone owner (somewhat convoluted way in my view*)
Change the Google account password
Change the Apple ID password
Remotely lock and erase the iPhone
Set up iPhone as new by entering previous Apple ID and password

*-Convoluted since there's a simpler way to find the owner's full name. Just hold the "Home" button and ask Siri, "Who owns this phone?" as I've wrote in my comment to the article.

Without Google account, and presumably Yahoo, Microsoft, etc., with real name this process is useless.

The recommendation to prevent this are spot on, albeit somewhat inconvenient and disables features that people like:


Password protect the SIM card
Disable show notification on locked phone

And yes, you can disable Siri telling anyone who owns the phone. Or just configure Siri to show false information...

To which my better half said, "What are you, crazy??" ;D

chscag
03-01-2017, 03:06 PM
Interesting article with too many assumptions. It makes one wonder why the FBI wasn't able to unlock the San Bernadino terrorist's iPhone 5c without help from a special Israeli outfit?

harryb2448
03-01-2017, 03:26 PM
I think the better half is correct!

Why encourage iPhone thefts by giving the thief instructions?

Cr00zng
03-02-2017, 08:48 AM
I think the better half is correct!
So, you're the one who's been encouraging her! :Mischievous:


Why encourage iPhone thefts by giving the thief instructions?
Knowing what the thief knows allows better protection against theft... ;)

Easily getting the full name of the iPhone owner from a locked phone, that is actually the account name or email address at a number of cloud services, is one thing. Anyone being able to send new text, email, or call people on the contact list from a locked phone is entirely another. All one would need is any part of the full name, Siri will cycle through the contacts and finds the best match. In case of multiple matches, Siri displays options on the locked screen.

It's a convenient feature that may get the owner of the iPhone in to trouble. For some people, it is a trade off that that they can take, while others may not agree.

PS: I am still learning the iOS on iPhones, don't have one, but manage a handful of them.

pigoo3
03-02-2017, 08:54 AM
Knowing what the thief knows allows better protection against theft... ;)

It's a double-edged sword. It also educates thieves that don't yet know how to do this.

- Nick

Cr00zng
03-03-2017, 01:48 PM
It's a double-edged sword. It also educates thieves that don't yet know how to do this.

- Nick
Yes, it is, but...

Security by obscurity does not protect people for long, regardless of the platform. Knowing how systems work, what apps do and the workaround them is beneficial to the end users in my view.

After I've showed to the handful of people how to "abuse Siri" with locked screen, with the exception of one, all of them disabled Siri with the locked screen. They weren't worried about getting their iPhone stolen as much as they worried about emails and text being red/sent out without their knowledge from their phones. Each of its own I guess...

pigoo3
03-03-2017, 03:55 PM
Yes, it is, but...

Like I mentioned. It's a double-edged sword. Educating folks about this can be both helpful (for iPhone 6 owner's)...and hurtful (informing thieves that locked iPhones can actually be unlocked).

In the past...iPhone 6 owners that lost their iPhone at least felt secure that the personal info contained in thier lost iPhone 6 was not accessible by anyone. Since a locked iPhone 6 was supposed to be "unlockable".

If this is no longer true...then anyone aware of this unlocking procedure can unlock a lost iPhone 6...or a locked iPhone 6 just laying around. Whether they are a:

- curious stranger
- curious friend
- thief or criminal

And thus get access to all of the owners personal info. Of course this means more than ever...DON'T LOSE YOUR iPHONE 6!;) Or maybe don't even leave it laying around where curious (and knowledgeable) strangers or friends could get access to our iPhone 6's.

- Nick

Cr00zng
03-04-2017, 01:20 PM
@pigoo3, be gentle, I am still learning...

It's more of an issue of data and capabilities in the iCloud, than anything else it seems...

Being able to collect information from the locked iPhone via Siri enables resetting the owner's iCloud password. Once the account password reset, data in the iCloud can be viewed and features activated. This includes the "remotely lock and erase the iPhone" feature. Start up the erased iPhone, enter the iCloud UID/PWD and restore from the iCloud; anything not stored in the iCloud will be lost.

While it is true that the iPhone is as unlockable by hacking the PIN as advertised, more or less, this type of unlocking exploits the iCloud account instead. Erasing and restoring the iPhone gets rid of the previous PIN and one can be set, if so desired.

In my view, protecting the data on an iPhone or any other Apple device should include:


no valuable/critical data synced to the iCloud
disable access to Siri through locked screen


As for the "curious friends or strangers"... Yeah, they can cause significant damage with your significant other, your boss, employer, etc...

pigoo3
03-05-2017, 11:15 AM
In my view, protecting the data on an iPhone or any other Apple device should include:


no valuable/critical data synced to the iCloud


My wife and I do not use iCloud. Although iCould has it's benefits. Just seems like if data is saved all over the place (multiple locations)...there's a greater risk of those accounts being hacked (which we read about in the news all the time)...and that personal data possibly being accessed and exploited.

I would be ok with using iCould for less critical info...but would prefer to keep more personal info (financial info, passwords, SSN #'s, etc.)...more "local" only.

Thus I agree with what you mentioned. Might be better to not sync critical/valuable info to iCould.:)

- Nick

chscag
03-05-2017, 03:14 PM
I couldn't agree more with Nick. Keeping all personal information off iCloud is a wise choice. I do use iCloud to sync my contacts and also to backup our iPhones, however, our iPhones contain nothing personal or revealing about our finances, etc.

Also... not to dispute the link that this thread is about, but I find it hard to believe that the entire episode is fact. That link is more or less stating that common thieves were able to hack into an iPhone that was protected when the FBI had to employ a special Israeli outfit to crack into an iPhone 5c that belonged to a terrorist. Sorry, it just isn't believable.