this post was submitted on 06 Jun 2024
910 points (97.9% liked)

Technology

59414 readers
3119 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

This is a very entertaining and educational article, giving insights into the methods used by thiefs to try and get access to your phone data.

I don't like Apple but it's great that their security is so good when it comes to this.

top 50 comments
sorted by: hot top controversial new old
[–] boyi@lemmy.sdf.org 159 points 5 months ago

the methods used by thiefs to try and get access to your phone data.

It is not about accessing the data but to disassociate the current user from the phone so that the thief can reset the phone or/and it's components for new users.

[–] Nurse_Robot@lemmy.world 143 points 5 months ago (8 children)

As much as I love my android phone, I have to admit Apple takes privacy and security much more seriously.

[–] themoonisacheese@sh.itjust.works 84 points 5 months ago (6 children)

How so? A Samsung or pixel with default settings would also behave that way, possibly even more securely because it wouldn't show the thieves your number.

[–] Nurse_Robot@lemmy.world 45 points 5 months ago* (last edited 5 months ago) (50 children)

I guess just anecdotally. I have a pixel 7, I'm pretty confident I could factory reset the device without 3rd party authentication. Also, from the tech channels I follow, I think I could recover my data if I forgot the password. Android has always felt more "free"and customizable, and I love it for that. But I also think that freedom allows for more exploits. It's a trade off that's worth it to me, personally. But if I had illegal shit to hide on my phone, I'd probably do it on an apple device.

Edit: just checked. I can completely bypass all my locked down Google Pixel settings to factory reset my phone pretty easily if I press the right keys in the right order. It would be pretty easy to steal and resell my phone.

[–] wreckedcarzz@lemmy.world 43 points 5 months ago (1 children)

If you do it the manual way - not unlocking the phone and doing it through settings - you can wipe it sure, but when you try to set it up it requires the prior Google account credentials to proceed. No creds, no passing go, just a shiny brick. It's been like that for years.

Also might I recommend you take a gander at GrapheneOS for more intense security capabilities than stock.

load more comments (1 replies)
[–] avidamoeba@lemmy.ca 32 points 5 months ago (1 children)

You can factory reset it easily. You can't use it without the previous Google account credentials afterwards. You can't reuse a stolen Pixel which has Google account logged into it.

load more comments (1 replies)
[–] Thatuserguy@lemmy.world 14 points 5 months ago (4 children)

For what it's worth, they're trying to fix that with Android 15. Not sure if this is one of the features they'll also be back porting to older phones too like this article briefly touches on, but either way it sounds like if you factory reset the phone, it can't be set up again unless they know your login: https://www.wired.com/story/android-15-theft-detection-lock/

Google says in a blog post, the company is adding four data protection features that can help keep your information locked down. The first stops your phone from being set up after a factory reset, unless the person knows your login details. “This renders a stolen device unsellable, reducing incentives for phone theft,” Google vice president Suzanne Frey writes.

load more comments (4 replies)
[–] Yamayo@lemmy.world 13 points 5 months ago (3 children)

Edit: just checked. I can completely bypass all my locked down Google Pixel settings to factory reset my phone pretty easily if I press the right keys in the right order. It would be pretty easy to steal and resell my phone.

Mind to share what "Keys in the right order" are? I mean a link, of course, because in my experience you just can't do that with a locked bootloader.

load more comments (3 replies)
load more comments (46 replies)
[–] Monument@lemmy.sdf.org 26 points 5 months ago* (last edited 5 months ago)

iPhones don’t do that on their own.

She said she activated lost mode, so it’s possible/likely she made her contact info available. Asking Siri who the phone belongs to will also give up contact info, but you can change that remotely from the find my phone app.

I think - being a writer - she sort of set herself up for the interaction so she would have material. No judgment, though. It was an interesting read.

load more comments (4 replies)
[–] 0x0@programming.dev 63 points 5 months ago (3 children)

Security yes, but privacy not so much...

[–] hedgehog@ttrpg.network 30 points 5 months ago (7 children)

If you’re talking about a stock Android OS on anything other than a Pixel, iOS wins in both regards. Stock on a Pixel, I don’t know that Apple is more secure, but if you’re installing apps via Google Play that use Google Play Services, iOS is certainly more private. Vs GrapheneOS on a Pixel, iOS is less private by far.

load more comments (7 replies)
[–] mholiv@lemmy.world 25 points 5 months ago (10 children)

Compared to any android phone the privacy is substantially better. Apple is in the business of selling overpriced phones. Google is in the data collection business.

[–] fushuan@lemm.ee 16 points 5 months ago* (last edited 5 months ago) (6 children)

The issue here is that while baseline apple is more secure than baseline android, a user with knowledge or a guide can improve the android security by a lot, whereas the apple baseline is also the ceiling. There's stuff you can do with iPhones but if you don't trust apple, you are kind of fucked.

Android people that mention security won't be using a stock phone from the store, they will have disabled stuff, enables alternative stuff, or even installed a completely new android based OS, and this can't be done with iPhone or iOS.

load more comments (6 replies)
load more comments (9 replies)
load more comments (1 replies)
load more comments (6 replies)
[–] gravitas_deficiency@sh.itjust.works 82 points 5 months ago (1 children)

Man, the last threat the author received was absolutely BEGGING for the navy seal copypasta lololol

[–] AngryCommieKender@lemmy.world 21 points 5 months ago (1 children)

But give them one of the more obscure versions so they don't immediately realize what it is.

[–] Tenkard@lemmy.ml 72 points 5 months ago (1 children)

What's this you've said to me, my good friend? Ill have you know I graduated top of my class in conflict resolution, and Ive been involved in numerous friendly discussions, and I have over 300 confirmed friends. I am trained in polite discussions and I'm the top mediator in the entire neighborhood. You are worth more to me than just another target. I hope we will come to have a friendship never before seen on this Earth. Don't you think you might be hurting someone's feelings saying that over the internet? Think about it, my friend. As we speak I am contacting my good friends across the USA and your P.O. box is being traced right now so you better prepare for the greeting cards, friend. The greeting cards that help you with your hate. You should look forward to it, friend. I can be anywhere, anytime for you, and I can calm you in over seven hundred ways, and that's just with my chess set. Not only am I extensively trained in conflict resolution, but I have access to the entire group of my friends and I will use them to their full extent to start our new friendship. If only you could have known what kindness and love your little comment was about to bring you, maybe you would have reached out sooner. But you couldn't, you didn't, and now we get to start a new friendship, you unique person. I will give you gifts and you might have a hard time keeping up. You're finally living, friend.

load more comments (1 replies)
[–] morrowind@lemmy.ml 72 points 5 months ago (1 children)

Honestly I'm scared of when these people figure out they can use llms to make their texts look like less obvious scams

[–] Dipbeneaththelasers@lemmy.today 87 points 5 months ago (3 children)

Often scammers don't want to make it less obvious. If it's obvious and the mark falls for it, it's a good indicator they're on the hook and will fall for more. It's to filter out the less gullible so the scammer doesn't waste their time. Probably not the case with this situation specifically, but it holds true in general with scams.

[–] MeekerThanBeaker@lemmy.world 22 points 5 months ago

True. But also true is that a majority of scammers are simply not smart and/or English is not their native language. A phishing email/text that might look good to them, can look really bad to others.

But still, people still fall for the obvious phishing attacks. AI is going to make the phishing appear more legit.

load more comments (2 replies)
[–] mx_smith@lemmy.world 55 points 5 months ago (3 children)

I’m confused, in the article he said it was a brick to whoever has his stolen phone. How did they get his phone number to send him text messages? Did they crack the passcode and needed the iCloud password?

[–] jonne@infosec.pub 60 points 5 months ago (1 children)

I think when you remotely wipe the phone you can make it show a message with your phone number, in case you're actually a honest person that found the phone instead of a thief.

[–] Dashi@lemmy.world 23 points 5 months ago* (last edited 5 months ago) (1 children)

In the response posts to the article someone said they got the icloud address via reset request which you can use in iMessage.

Not an i phone person so i can't verify but thought id pass that along.

load more comments (1 replies)
[–] jjagaimo@lemmy.ca 28 points 5 months ago (11 children)

The phone itself (by IMEI) is a brick. The sim and same phone number were assigned to a new phone and they texted that number

[–] Xatolos@reddthat.com 20 points 5 months ago (1 children)

Issue here is the iPhone 14 USA models are all e-Sim. They don't have sim cards to remove. The article says it was a iPhone 14 Pro.

[–] jjagaimo@lemmy.ca 20 points 5 months ago* (last edited 5 months ago) (1 children)

Typically if you report the phone stolen to your provider they blacklist the IMEI which gets shared with other providers so the phone can no longer be used. I was unclear on this part but a new e-sim can be provided for the new phone, and the old sim banned or the old one transferred. Regardless, the old phone will still show the IMEI/sim/phone number, which is how they got that to text them

load more comments (1 replies)
load more comments (10 replies)
[–] nadiaraven@lemmy.world 14 points 5 months ago
[–] Aralakh@lemmy.ca 46 points 5 months ago (2 children)

Whoa that was a wild ride, worth the read. It's a sad market that exists, great to see Apple's privacy and security at work (as an Android user even).

load more comments (2 replies)
[–] Zoboomafoo 41 points 5 months ago (1 children)

Someone's going to sell your phone on the black market

is my favorite

[–] Delusional@lemmy.world 33 points 5 months ago

Oh no! Then I won't have my phone anymore!

Wait just a second....

[–] ultratiem@lemmy.ca 40 points 5 months ago (1 children)

Why doesn’t anything this interesting happen to me!

As the author found out, these phones end up in Shenzhen. You can buy these burnt logic boards on the cheap and lots do just for testing. Check out Strange Parts on YT, he has soldered lots of boards and shows they sell them in bins. The grey market is the only place for them.

Also, for those that aren’t familiar with how Apple’s encryption works. The OS creates a key pair when you create your account, fully encrypting the contents. The contents become garbage if the key pair cannot be matched. This means even if you don’t remotely wipe the contents, the data they try to get from say recovery software or whatever, cannot be read. It’s of course good to wipe it remotely in case they guess your PIN, but if they can’t, then the data is gone forever. From a technical perspective, it’s actually pretty cool.

[–] Natanael 22 points 5 months ago

Android uses similar storage encryption (and you can activate encryption for an SD card if you have sensitive data on it), the encryption key is protected by a TPM or Secure Element chip or by ARM TrustZone or equivalent, it checks that the OS is unmodified before booting and the chip only gives the key to the CPU if the user enters the correct PIN

[–] Opisek@lemmy.world 36 points 5 months ago* (last edited 5 months ago) (11 children)

The article does not mention reporting it to the police. I get that 99.99% of the time, nothing will come of it, but that's something I would immediately do. Maybe I just don't get the rich aspect of going out and buying the newest latest model right away and forgetting about the stolen phone, even if it is theoretically still in the reach of police forces.

[–] TachyonTele@lemm.ee 24 points 5 months ago* (last edited 5 months ago) (2 children)

What are the police going to do about your phone?

"Yup. It sure is gone now. Have a nice day."

load more comments (2 replies)
[–] FermatsLastAccount@lemmy.world 17 points 5 months ago

99.99% seems optimistic. You're gonna have to buy a new phone regardless, if it's stolen then it's gone. You can either wait a few days and then buy a new one, or you can just buy it right away

It’s literally a waste of my time to report it to the police. Plus I ain’t speaking to the police unless I’m under arrest and even then it’s to say no comment.

Sure if I see someone get murdered or a something serious then sure I’ll speak, but generally the police can get to fuck. They’re not friends and I’ve only ever had bad interactions with them.

load more comments (8 replies)
[–] thatsnothowyoudoit@lemmy.ca 34 points 5 months ago* (last edited 5 months ago) (1 children)

As someone who’s experienced the same thing, some of the messages I received were shockingly well written.

The fake “find my” site they tried to use to convince me to log into my iCloud account was wildly convincing, if not for the index.php at the end of the URL - something Apple would never configure for service endpoints.

They continued to try - but never threatening. However I never engaged and eventually they just stopped trying.

[–] AllHailTheSheep@sh.itjust.works 21 points 5 months ago

yeah and the said part is most people without the tech background would never notice the index.php in the URL, or care.

[–] BeMoreCareful@lemmy.world 29 points 5 months ago (8 children)

This made me realize, as an android user, I have no idea what I'm supposed to do if someone steals my phone.

[–] potustheplant@feddit.nl 38 points 5 months ago (6 children)

They have the same system. The phone is tied to your account and you can track, lock and erase it remotely with Google's Find My Device.

[–] 0ops@lemm.ee 18 points 5 months ago (1 children)

Luckily I've only had to use "find my device" whenever my phone decides to catch-up with the TV remotes under the couch cushions

load more comments (1 replies)
load more comments (5 replies)
load more comments (7 replies)
[–] brbposting@sh.itjust.works 25 points 5 months ago* (last edited 5 months ago) (13 children)

Uhg! It’s outta control.

Does anybody have ideas for an anti-pick-pocketing solution they'd like to share? I might have to start a community for it. Or maybe you know some forums where designers who may be interested might be hanging out.

Requirements:

  • retrofit almost any front pants/shorts pocket
  • allow for near instant access (allowing for e.g. snapping a photo before the moment passes)
  • one-handed access
  • mechanical/passive: non-battery operated or fails in “unlocked” mode
  • if not locked to owner’s hand (or say a finger-worn key), makes removal feel obvious
  • automatically resets (resilient & inebriated person approved)
  • ideally works with any phone case
  • relatively inexpensive, and potentially even open source and/or 3D printable

Lately been imagining something like this, kinda… not really, and with only 2-3 fins:

so you gotta pull your phone out in a way that stretches the pocket to max width and one fin noticeably rubs against your leg.

Doesn’t meet all the requirements but also thought about a long and wide strip of cloth sewn at the bottom of a pocket that you could tuck into your waistband.

Edit: aware of one existing solution but not a huge fan

[–] MossyFeathers@pawb.social 31 points 5 months ago (1 children)

Oh my god, wallet chains are going to make a comeback, but for phones this time.

load more comments (1 replies)
[–] Red_October@lemmy.world 26 points 5 months ago (1 children)

Honestly you can get a lot done just by wrapping a rubber band or two around your phone, it'll kinda catch and hold in your pocket and make it more notable if someone tries to pull it out. Works for your wallet too, and all without building a whole ass mousetrap for your pocket.

load more comments (1 replies)
[–] kablammy@sh.itjust.works 16 points 5 months ago

Velcro sewn to just inside the top of your pocket, so sticking a hand in your pocket makes a loud noise and you can feel it, for any pickpocket to separate the velcro.

[–] SkyezOpen@lemmy.world 15 points 5 months ago (3 children)

Mouse trap phone case. It fulfills almost none of the requirements, but it'll be satisfying when a thief gets snapped.

load more comments (3 replies)
load more comments (9 replies)
[–] Wogi@lemmy.world 23 points 5 months ago (7 children)

I also fucking hate Apple, with the same seething rage that redhats hate Windows, and I too must admit this is shockingly effective security.

load more comments (7 replies)
load more comments
view more: next ›