The first iOS 17.3 beta rolling out to developers today includes a new "Stolen Device Protection" feature that is designed to add an additional layer of security in the event someone has stolen your iPhone and also obtained the device's passcode.
Earlier this year, The Wall Street Journal's Joanna Stern and Nicole Nguyen reported about instances of thieves spying on a victim's iPhone passcode before stealing the device, often in public places like bars. The thief can then reset the victim's Apple ID password, turn off Find My, view passwords stored in iCloud Keychain for banking and email accounts, and more. All in all, the report said thieves can essentially "steal your entire digital life."
When Stolen Device Protection is turned on, Face ID or Touch ID authentication is required for additional actions, including viewing passwords or passkeys stored in iCloud Keychain, applying for a new Apple Card, turning off Lost Mode, erasing all content and settings, using payment methods saved in Safari, and more. No passcode fallback is available in the event that the user is unable to complete Face ID or Touch ID authentication.
For especially sensitive actions, including changing the password of the Apple ID account associated with the iPhone, the feature adds a security delay on top of biometric authentication. In these cases, the user must authenticate with Face ID or Touch ID, wait one hour, and authenticate with Face ID or Touch ID again. However, Apple said there will be no delay when the iPhone is in familiar locations, such as at home or work.
The opt-in feature can be found in the Settings app under Face ID & Passcode → Stolen Device Protection. iPhone users who update to the iOS 17.3 beta will be prompted with the option to test a preview of the feature following installation, but Apple said this screen will not be shown to users who install the public version of iOS 17.3 coming later.
Actions that will require Face ID or Touch ID authentication when the feature is turned on:
- Viewing/using passwords or passkeys saved in iCloud Keychain
- Applying for a new Apple Card
- Viewing an Apple Card virtual card
- Turning off Lost Mode
- Erasing all content and settings
- Taking certain Apple Cash and Savings actions in Wallet
- Using payment methods saved in Safari
- Using your iPhone to set up a new device
Actions that will require Face ID or Touch ID authentication and have a one-hour security delay when the feature is turned on:
- Changing your Apple ID password
- Updating select Apple ID account security settings, including adding or removing a trusted device, trusted phone number, Recovery Key, or Recovery Contact
- Changing your iPhone passcode
- Adding or removing Face ID or Touch ID
- Turning off Find My
- Turning off Stolen Device Protection
Apple said it plans to share additional documentation about Stolen Device Protection over time to clarify how the feature works. The option will be available on all iPhone models that are compatible with iOS 17, including the iPhone XS and newer. iOS 17.3 will likely be released to the public in January or February.
Top Rated Comments
From earlier this year: https://www.wsj.com/video/series/joanna-stern-personal-technology/apples-iphone-passcode-problem-how-thieves-can-take-over-in-minutes/967C3B74-90D3-45EA-BAA4-4ECDBB24715D
I'm glad Apple listened to feedback on this security problem.