Things the guys who stole my phone have texted me to try to get me to unlock it - Gothamist
(gothamist.com)
from 1984@lemmy.today to technology@lemmy.world on 06 Jun 04:53
https://lemmy.today/post/11679958
This is a very entertaining and educational article, giving insights into the methods used by thieves to try and get access to your phone data.
I don't like Apple but it's great that their security is so good when it comes to this.
As much as I love my android phone, I have to admit Apple takes privacy and security much more seriously.
How so? A Samsung or pixel with default settings would also behave that way, possibly even more securely because it wouldn't show the thieves your number.
As far as I know factory resetting an android phone is relatively easy without having access to the device. But it's been a while since I've looked into that.
I guess just anecdotally. I have a pixel 7, I'm pretty confident I could factory reset the device without 3rd party authentication. Also, from the tech channels I follow, I think I could recover my data if I forgot the password. Android has always felt more "free" and customizable, and I love it for that. But I also think that freedom allows for more exploits. It's a trade off that's worth it to me, personally. But if I had illegal shit to hide on my phone, I'd probably do it on an apple device.
Edit: just checked. I can completely bypass all my locked down Google Pixel settings to factory reset my phone pretty easily if I press the right keys in the right order. It would be pretty easy to steal and resell my phone.
Same for Samsung afaik. Pop into the bootloader and just wipe everything.
AFAIK you can't wipe the IMEI and if you report it stolen to providers they will block it from using their networks. (It will only be able to use wifi.)
I recently upgraded an old Samsung tablet (Tab A6 from 2016) to Lineage OS and not only do you have to remove the Google Account before flashing just the TWRP to be able to just start replacing the actual OS, but there is a configuration flag that can only be changed in the stock OS logged in to that Google Account and with Dev Mode enabled to, after you replace the OS, allow the custom OS to actually work (if you don't do it the device with the custom OS will go into a boot fail loop as soon as you restart it).
It was actually a PITA to do that upgrade of my own device because of that (I had to reinstall the old OS and log in to the old account just to toggle the "Allow OEM install" option after which I could install Lineage OS … again … without the device going into a boot fail loop on the first restart)
This is on a Samsung device that's almost 8 years old so it would be a bit strange if they went back on it since, especially as it's in the best interest of Samsung to make it hard for people to upgrade their devices away from the enshittified Samsung software.
Mind to share what "Keys in the right order" are? I mean a link, of course, because in my experience you just can't do that with a locked bootloader.
Enter recovery mode and choose factory reset. The specific key combination for your device may vary.
You think we're still in 2010? It's been a while since you need to unlock the bootloader first. And no, you can't do it with the device locked.
This doesn't work anymore, now they have frp protection which requires google authentication to the previous account after reset
AFAIK you can't wipe the IMEI and if you report it stolen to providers they will block it from using their networks. (It will only be able to use wifi.)
For what it's worth, they're trying to fix that with Android 15. Not sure if this is one of the features they'll also be back porting to older phones too like this article briefly touches on, but either way it sounds like if you factory reset the phone, it can't be set up again unless they know your login: https://www.wired.com/story/android-15-theft-detection-lock/
Doesn't that already exist as the Factory Reset Protection (FRP) partition?
Honestly not too familiar with that. I imagine if they're touting this as a new thing, FRP either does something different or was lacking compared to this in some way.
Though it is Google, they could have just killed FRP in favor of this and added messaging features like they do with everything else
Yeah, I've had to wipe pixel devices the dirty way and it prompts (requires) your credentials to continue. Maybe it's a pixel exclusive, and others are getting it via a15?
No, it's not exclusive. But FRP can be bypassed if you know the right tools.
You can factory reset it easily. You can't use it without the previous Google account credentials afterwards. You can't reuse a stolen Pixel which has Google account logged into it.
Ding ding ding, I can confirm this. I thought it was for all devices, but I guess not.
If you do it the manual way - not unlocking the phone and doing it through settings - you can wipe it sure, but when you try to set it up it requires the prior Google account credentials to proceed. No creds, no passing go, just a shiny brick. It's been like that for years.
Also might I recommend you take a gander at GrapheneOS for more intense security capabilities than stock.
Not sure about the latest Android version, but I managed to unlock and bypass a phone which had factory reset protection, and as far as I know a lot of vendors like Samsung have their own exploit available.
Using this you can manage to get to the settings app (while still locked, waiting for the previous owner's google account) and remove the account, add your own or disable the security.
Done!
The encryption on Android devices is pretty strong, as long as you use a good screen lock you should be fine. Yes they can reset your phone, but accessing your data is a whole other level.
If I had illegal shit on my phone, I wouldn't send it to apple servers by using an iPhone. They are the first who would comply with a subpoena. I'd use GrapheneOS on a Pixel and use an obvious duress pin like 1234. If entered it wipes your encryption keys and avoids restoring your data.
And if it gets stolen, it is gone and I'd get a new one. This is the cost of having proper opsec.
Edit:
This is a common misconception called security through obscurity
Does it have to be a specific version Pixel? Just any Pixel?
Any of them still receiving security updates would be fine.
I'm pretty sure u can't fuck with a device that has a locked bootloader without unlocking said bootloader which requires u know the password. And u definitely can't recover data without passcode unless u can extract the hash from whatever chip holds it (shouldn't be possible if u have a tpm) and bruteforce it. Ur data should be encrypted and u shouldn't be able to tamper with os without unlocking bootloader which once unlocked will wipe all device data. Might be possible if u do some dodgy power injection directly into some of the chips but that's pretty advanced stuff.
As everyone is pointing out you're just wrong about this.
Also apple is overbearing AF. I recently had several back and forths with my IT department about an old company mac laptop I used to have. Since I had signed into my apple account once, Apple permanently tied that laptop to my account and wouldn't allow the fucking IT department to fully wipe it.
Keep in mind also that I would have preferred to not have or use an apple account (they kind of force it on you, even asking you to login to iCloud constantly even if you've literally never used it once), and even though I could login to the apple account in my browser and see that the laptop wasn't listed under my devices, IT was still locked out.
Literally the only way to fix this was giving the IT dept my apple password so they could authenticate then sign out of it. There was nothing I could do remotely about it. This is a security issue in itself. Zero reason I shouldn't be able to use my account remotely to remove or sign that device out. Zero reason I should have to give my password to another human. Except for apple being shit.
The apple security theater is widely believed but it's still largely theater.
Edit: before you tell me I didn't have to give up my password, understand that I fucking know that. I could've driven to the office, told my employer to fuck off, had them ship the laptop, etc… all of which are things that shouldn't be necessary. I took the least shitty option at the time. Kindly fuck off if you are so dicksloppery on apple that you can't understand the obvious point: pretending every shit decision is about security doesn't shield you from all criticism.
Your post details how it isn't possible for IT professionals to wipe a Mac without the consent of the owner's account. How is that security theater?
You missed the part where I had to give my password to another human.
Also, I wasn't the owner, they are. Also, again, it makes zero sense to not allow me to sign it out remotely.
Nothing is secure about a system designed so poorly you have to give out your password. That should never be needed.
Not to mention, I never wanted or needed to sign in. I was just nagged to do so 100 times so I relented. Nothing about that means I own the device.
I'm with you that you should be able to log out remotely, but this is more of a failure in the IT department. You should have been given a PC with the apple ID already introduced, with your company mail and some password. How would they even access your PC remotely for security updates if they didn't have access to your apple id? Right, they didn't. So they gave a computer they didn't have remote access to, not properly configured, and then forced you to either move or give private information.
You are absolutely incorrect. They had remote access and I watched them use it in various ways. When troubleshooting issues they would login and move my mouse and use a virtual keyboard. They could install software remotely on a schedule.
Not sure why you're under the impression that an apple account is required for remote management. There's probably >5 different popular third party software solutions for that
The apple sign in is an extraneous unneeded piece that once they annoy you into it, it then becomes considered a sign of ownership, which I never considered, because why would I?
You are right that IT should've had a way of dealing with it better, but in their defense this may have been an anti-feature (asking a user to login to iCloud, a service they've never used once, is not a feature) added in an update, after they issued the laptop. It's a small company, so I don't fault them on it as much as the trillion dollar company with the goal of inflating their iCloud metrics by forcing users to login to it.
Oh, I assumed that you would be forced to type your password or have enough rights to install stuff in a computer, be it in person or remotely, so I assumed that whatever 3rd party program they used required to have enough access, and that apple would use the apple id as a master password, given that it's what is being used to lock down the device itself.
Well, yet another issue with apple lol, why add an ownership id if it's not even what gives root access. Lmao.
Nah the iCloud crap is literally just another account. Up until the moment you login to it, then it silently ties the device to that account for "security" purposes. I kept emailing the IT guy back saying I don't know what I can do, I can see a list of devices here and that laptop has been removed from it.
After him asking me for help repeatedly I felt I had to just give up, give him the password on a slack call, then immediately reset it once he'd done what he needed.
Apple issue then, quite the anti feature. In any case, I hope the IT team learns from it and they create a company ID or several company IDs so this doesn't happen again haha.
You couldn't remote in to type in your password?
I don't have the type of position where that would be needed or considered appropriate. Why should I need to anyhow? A lot of people are missing the point here. Logging into a service (especially one I didn't want or need but was harassed into doing it) should not unexpectedly be considered proof of ownership.
The scenario wasn't that during os setup I was asked to login. And I wasn't prompted with a warning that this could happen. What happened was every time I opened system settings for months it wanted me to login to iCloud and no matter how many times I refused it just kept asking.
Nah - you're complaining that you "were forced into handing your password to someone else" when there were at least six ways you could have avoided that:
Finally, we release devices like this all the time through our ABM account. It takes 5 days maximum. Your IT team led you up the garden path.
You are bending over backwards to justify absolute garbage practices. I am aware there were literally other ways around this. I was more referring to being forced into a situation where I'd even need to consider this.
Yes, I shouldn't have used my personal account… however I also should have never expected doing so to tell apple "I own this shit please make sure no one else can use it ever without my permission". Logging into iCloud should mean "I want to use iCloud", which btw I NEVER wanted to do. Every time I opened system settings the piece of shit insisted I login to it. That alone is a problem. But I'm sure you'll justify that one too.
It was a small company, as he said elsewhere, negating your first 4 options, and the last two of blaming the user are equally stupid because Apple can fix this and doesn't want to. Not everybody has an MDM tool which can set up ownership right for Apple devices - and they should not have to
It's shameful that you have a bunch of upvotes and he's getting downvotes
You are the owner. For Apple, your IT department is the thief.
You should finish reading the part where the company owned the device.
The owner of the account owns the device. It's a standard on all smartphones and tablets for the past 10 years.
Fortunately, apple and google corporate policy != law. If a company buys a device… and lets an employee use it. There's no amount of rules or policy that makes it the employee's property. It's company property. If you want to claim it's employee property then you'd at the very least be lying to the IRS as it would be considered a form of payment.
The real unfortunate part is that Apple or Google will never be incentivized to fix it because in this case you as the employee would be on the hook for "theft"/bricking of the device.
This is nonsense and violates a few laws in plenty of places
You didn't have to give out your password, in fact you never should. If the machine remains locked, that's not your problem. Your IT department should have created an admin account on the machine for IT before handing it over to you to avoid this scenario. The IT department's incompetence is not your problem.
If you wanted to unlock it as a courtesy, then they should have offered to send the laptop to you so you could unlock it. You never ever give anyone your password, and IT should know better than to ask for it.
If someone is holding a family member at gunpoint and threatening to kill them if you don't give up your password; you do NOT give up your password. If an evil mastermind is about to destroy the world, and it can only be saved by you telling your password to another person. You do NOT give your password. There is no valid reason to ever give your password to anyone.
You missed the point entirely. Harassing me into signing into iCloud shouldn't mean I ever have to do anything inconvenient at all, regardless.
I wasn't presented with a dialogue that said "login to establish device ownership". Instead it was "login to iCloud now" dozens and dozens of times. I have never once used iCloud nor will I ever. That part alone was indefensible. But then locking the device to that account is plain stupid and reckless. There are plenty of scenarios where this fucks people worse than having to choose from a few shitty options
There is an entire screen in the initial setup that explains that the machine is added to your Find My and what that means. You probably just clicked "continue" without reading.
Also, you don't have to do anything inconvenient. It's not your laptop so not your problem. The owner can have activation lock removed if they provide proof of ownership to Apple.
You really earn your "apple simp" tag. You know apple doesn't give a fuck about you, actually.
And I really don't care about your invalidations of what happened to me. If by some chance I did make some other mistake besides using my personal apple account, it's irrelevant. I do not think it should be possible to accidentally opt in to this bullshit. It is a shitty feature to force on every user. And it shouldn't be possible for an employee to render thousands of dollars worth of company hardware useless trash ready for the landfill. It shouldn't be possible intentionally, let alone by accident. If you removed the apple schlong from your mouth for a second you might see my point but you won't.
And it isn't. Like I said before: Apple will remove the activation lock for the owner of the device. Just provide them proof of purchase.
You can request the unlock here
Ok so if I owned this machine legally but didn't have such proof, I'm sure you'd find a way to call me a fucking idiot for that too right? It would serve me right and apple would be blameless
Yes, you would be an idiot for buying a machine worth thousands of euros and not keeping the invoice. That's completely unrelated to activation lock.
If you're a business then it's double stupid not to keep invoices.
Surprise! Apple simp strikes again!
Buying something legally isn't enough. Apple owns the fucking thing because: security and simps say so
Nevermind that there are plenty of ways you could get into this scenario and even if it only happened once ever, Apple's practice is bullshit, because: security and simps
I truly hope all this gargling some day leads you to accepting something even worse from these pieces of shit and then it fucks you
Dude, you're an idiot.
.
It's more about the fact that they didn't have a webpage in their apple account where they could remotely log out, and the IT department had the physical computer so they had to either move to the department or give the department their personal password, which is bogus. Being able to remotely log out of the computer doesn't seem to be that big of an ask.
I get that the computer should remain locked if there's no internet, but once the computer gains connectivity it should unlock if it was logged out in the user page.
I see what you're saying. I agree that users should be able to remove device locks remotely. You can with iPhones. Hopefully that moves to all devices.
I still prefer this to not having the lock at all.
IT was the owner and obviously consented to their own actions.
You didn't read the post.
You pretty much MUST use paid mobile device management tools to set up and administer company owned Apple hardware, and those tools are notoriously annoying and often just bad
MDM would have been used regardless of OS.
Read again - for most other devices there are cheap and often some free administration tools that small businesses can use. And for many devices they can just reinstall them. But for Apple devices pretty much everything is expensive or very limited.
I get this as being a bit of a hurdle, but wouldn't a good option in hindsight be to create a separate work related apple account based on your work email? I've done that in the past with various companies for iPhones and MacBooks. Makes it cleaner to return the device and doesn't compromise my personal account should they ultimately need my credentials on the non-owned-by-me device.
I eventually did do that, but apparently at the time that I was nagged into iCloud for the 1000th time I was quite annoyed and just used my personal account like an idiot.
The thing is, I never expect logging into a service to immediately lock my device to that account. But I've since learned not to trust Apple's login systems for this reason. So yeah, I won't buy any other apple devices and any work machines will use a work account for everything like that
Your "IT" could've literally done a fresh install of MacOS. I'm not a fan of Apple, but that's just silly.
Pretty sure that's what they were trying to do. I know for sure that on iPhones, if you ever sign in (which I think is required), wiping the phone doesn't matter, it's still locked to that account somehow - a ROM chip on the board stores the account info somehow I think? I think their computers work the same way now.
On other systems, logging in means that: you've logged in. And you should be right: wiping the OS should always remove any login/account status. If Apple wants to provide some system like this for people worried about theft, cool, let them opt into it. But don't force every user to.
You can fairly easily factory reset phones from both. While you can report your phone as stolen and the IMEI will be blacklisted on US carriers, it would probably work fine abroad.
For iPhones, if you have Find My turned on, you can't activate the device without the iCloud password, unless the owner removes the device from their iCloud account. Which is what the scammers are trying to get her to do here.
Sorry. When I said "both," I meant Google and Samsung. Apple definitely has better security, occasionally to an annoying extent.
iPhones don't do that on their own.
She said she activated lost mode, so it's possible/likely she made her contact info available. Asking Siri who the phone belongs to will also give up contact info, but you can change that remotely from the find my phone app.
I think - being a writer - she sort of set herself up for the interaction so she would have material. No judgment, though. It was an interesting read.
Don't think Apple security is much better. I've read news before about insiders that will unlock stolen phones. They work closely with the criminals and it's a more "professional" operation. Probably it's not as easy as doing it for an android but having an iPhone and thinking that if someone steals yours it will just become a paperweight is wrong. Sadly
Security yes, but privacy not so much…
Compared to any android phone the privacy is substantially better. Apple is in the business of selling overpriced phones. Google is in the data collection business.
Anti-libre software, iOS, bans us from proving its claims. Stop paying Apple to pre-infect our devices and spy on us too.
My devices need libre software, not a business.
You are preaching to the choir.
When it comes to privacy: GrapheneOS > iOS > android with Google.
Android itself is good. It's just android with Google that's the problem. (Aka 99.999% of all android phones sold outside of China)
They ban us from proving this. Both malware, anti-libre software, ban us from proving its claims.
Why do you keep posting the same thing over and over?
Their posts won't change much, so obviously our replies don't either.
The fuck are you talking about? I feel like I'm interacting with the borg or something.
This means when someone says "this malware is abusing me" the answer is always some version of "remove that malware". Asking the same question a million different ways, a million different times, doesn't change its answer.
I fucking love that response
The issue here is that while baseline apple is more secure than baseline android, a user with knowledge or a guide can improve the android security by a lot, whereas the apple baseline is also the ceiling. There's stuff you can do with iPhones but if you don't trust apple, you are kind of fucked.
Android people that mention security won't be using a stock phone from the store, they will have disabled stuff, enabled alternative stuff, or even installed a completely new android based OS, and this can't be done with iPhone or iOS.
True. But for 99% of people baseline is what they use. Windows can be made very secure by experts but the fact is 99% of people just use windows as is.
100% agree, just take into account that most people you encounter on lemmy, especially on posts about security, are in that 1% that tweak stuff and if you throw blanket statements they will think you are talking to them specifically.
Fair. And I see it lol. My inbox is full of people who want to argue with me.
Not true. iPhone can be locked down much more than it is out of the box, and it's as simple as changing one setting. Lockdown mode, it significantly tightens down security of iOS at the cost of some convenience. It is not recommended for the average user, only if you expect to be targeted by highly sophisticated attackers.
That is always the case. If you don't trust the company that made the hardware, there is nothing you can do. Unless you've got your own chip fab, there is always a level of trust involved.
It's not really about the hardware, is it? The option you mentioned won't enable an alternative app store, it won't enable access to android app emulators (which would be a huge boom in the open source app offering). The level of trust iPhone users give to Apple is wildly higher than what android users that tweak their phones give the manufacturers. It is what it is, but don't delude yourself in thinking that it's about what they do in the kernel level, it's about the fact that they store tons of sensitive data in their american servers and that they have an obligation to share that data with the country, and as someone from Europe that doesn't sit well with me.
It's about everything, that's the point
I don't see how that would help in any way to secure the device if you don't trust Apple.
You either trust a company or you don't. There is no grey area. If you don't control the whole thing, you don't control anything at all. A custom ROM on your Android device is not going to do anything to prevent a firmware or hardware level backdoor. Your custom ROM doesn't improve security, on the contrary. If you unlock the bootloader you break the chain of trust and all bets are off.
If you aren't using the iOS lockdown mode, it's not really that much more private. Most stuff is still not encrypted in iCloud without that on, and apps can still track much of what you do, and Apple has their own ad networks.
Edit: has any of the downvoters actually read Apple's (public!) security architecture documents?
If you're talking about a stock Android OS on anything other than a Pixel, iOS wins in both regards. Stock on a Pixel, I don't know that Apple is more secure, but if you're installing apps via Google Play that use Google Play Services, iOS is certainly more private. Vs GrapheneOS on a Pixel, iOS is less private by far.
Better than bad is not good.
Better than bad is still "better."
It is if it's LOG!
<img alt="" src="https://static.wikia.nocookie.net/renandstimpy/images/5/5d/Log!.jpg">
False, anti-libre software bans us from proving its claims.
You think that Google Play Services is FOSS? Or that the version of Android on Samsung phones (as well as of most other Android phone manufacturers), including all baked in software, is FOSS?
Where did I say that?
And when you're comparing two closed source options, there are techniques available to evaluate them. Based off the results of people who have published their results from using these techniques, Apple is not as private as they claim. This is most egregious when it comes to first party apps, which is concerning. However, when it comes to using any non-Apple app, they're much better than Google is when using any non-Google app.
There's enough overlap in skillset that pretty much anyone performing those evaluations will likely find it trivial to configure Android to be privacy-respecting - i.e., by using GrapheneOS on a Pixel or some other custom ROM - but most users are not going to do that.
And if someone is not going to do that, Android is worse for their privacy.
It doesn't make sense to say "iPhones are worse at respecting user privacy than Android phones" when by default and in practice for most people, the opposite is true. What we should be saying is "iPhones are better at respecting privacy by default, but if privacy is important to you, the best option is to put in a bit of extra work and install GrapheneOS on a Pixel."
Anti-libre software, iOS, bans us from removing malicious source code. Don't let this malware infect you.
they love bricked phones because it means one less for a secondhand market
Apple has the benefit of making everything themselves, down to the secure enclave processors and, as of some time also, the processor as a whole. They get to design their hardware, OS, software, ecosystem, all around security and it all plays together nicely.
If you control everything, you can do whatever you want with it. Android phones being more of a mixed bag of different vendors making different parts of the phone, including the software components, makes this interplay much more difficult. It usually takes android quite some time before they catch up on the latest security concepts.
Android exploits are considered more valuable and expensive because they're harder to find. I don't know where you are getting this information other than thinking it sounds correct in your head.
What are you talking about, it's literally the same thing on Android. Also why the shilling out of nowhere?
Lol you're basically gaslighting yourself
Honestly I'm scared of when these people figure out they can use llms to make their texts look like less obvious scams
Often scammers don't want to make it less obvious. If it's obvious and the mark falls for it, it's a good indicator they're on the hook and will fall for more. It's to filter out the less gullible so the scammer doesn't waste their time. Probably not the case with this situation specifically, but it holds true in general with scams.
Yeah :( High-value item already in hand, never a need to guide somebody which store to buy the giftcard at or what to say to the bank teller…
True. But also true is that a majority of scammers are simply not smart and/or English is not their native language. A phishing email/text that might look good to them, can look really bad to others.
But still, people still fall for the obvious phishing attacks. AI is going to make the phishing appear more legit.
On a similar note, a reason why you shouldn't respond to spam/scam texts because it basically verifies you as an active phone number. Why waste man/bot power texting numbers that may or may not exist when a majority of your texts will at least be seen by a human which will probably boost their chance
It's why I tell my friends not to respond even tho some of their responses are really funny
Some smarter ones I see usually range between 2-7 lines of text usually written as a time sensitive question that will affect the totally real person's social or work life
One of my favorite ones was about 5 lines of text that was posed as a date
It was like "Hey Kayla it's Mike, some short sob story about dating life, hope our first date goes well, then nonsense about dating with an address thrown in
However after the 5 lines it was in Arabic or some similar flowy characters and when I translated it continued "mikes" story about where he was from and how oh so sad his life was
Tldr totally fishing for a pity "sorry wrong number" to see if my phone number would be seen by human
Whoa that was a wild ride, worth the read. It's a sad market that exists, great to see Apple's privacy and security at work (as an Android user even).
I'm not a big fan of iphones or a lot of stuff apple does anymore, but I'm seriously considering moving back to Apple since Google keeps seeming like a worse and worse option (and I'm just not ready to move to some firmware-hacked or otherwise degooglefied Android system). Yesterday's article about their privacy lead getting fired/quitting and not replaced is just the latest nail.
I'm saying this as a lifetime Linux user and decently tech competent person who knows all about the different android roms: if you're considering it, switch to ios as soon as you can. Buy the phone outright from apple, no financing or plan.
Uhg! It's outta control.
<img alt="" src="https://sh.itjust.works/pictrs/image/d22a0478-ce96-4c55-acf6-61714d7033ed.jpeg">
Does anybody have ideas for an anti-pick-pocketing solution they'd like to share? I might have to start a community for it. Or maybe you know some forums where designers who may be interested might be hanging out.
Requirements:
Lately been imagining something like this, kinda… not really, and with only 2-3 fins:
<img alt="" src="https://sh.itjust.works/pictrs/image/8c699da9-dfaa-43d5-9980-f33a526949db.jpeg">
so you gotta pull your phone out in a way that stretches the pocket to max width and one fin noticeably rubs against your leg.
Doesn't meet all the requirements but also thought about a long and wide strip of cloth sewn at the bottom of a pocket that you could tuck into your waistband.
Edit: aware of one existing solution but not a huge fan
<img alt="" src="https://sh.itjust.works/pictrs/image/2b6b4da1-39d7-4bcb-b8b3-f54b3eee20c7.jpeg">
Also might wanna try to just bring a cheap phone you wouldn't mind to lose just in case you do manage to lose it. Back up your data so if it does go missing you'll have the memories.
That's a great idea! Thanks, I've thought about carrying a decoy wallet before, but a decoy phone is also a great idea
Not a bad strategy at all.
Still, hate to negotiate with terrorists. And bring home potato photos. Instead of $developing-nation-per-capita-GDP phone quality photos.
Which of course means the thieves will still be tempted! If anti-pickpocketing strategy becomes too successful, they'll move to violent means, then a cheap phone will be a must.
Well phones are generally pretty good for taking pictures and videos. A pixel 4 or something is a pretty decent phone for example.
Oh my god, wallet chains are going to make a comeback, but for phones this time.
Next: pants sagging so much I can see 4" of crack
ahh the 00s
Velcro sewn to just inside the top of your pocket, so sticking a hand in your pocket makes a loud noise and you can feel it, for any pickpocket to separate the velcro.
Mouse trap phone case. It fulfills almost none of the requirements, but it'll be satisfying when a thief gets snapped.
Decoy phone that is actually a tazer, real phone in underwear.
Don't get them mixed up…
Yeah it's great the first time it works but then you have to spend 5 minutes looking for and assembling all the bits and pieces to set it up again.
Cargo shirts obviously. Those zippers have a purpose!
Honestly you can get a lot done just by wrapping a rubber band or two around your phone, it'll kinda catch and hold in your pocket and make it more notable if someone tries to pull it out. Works for your wallet too, and all without building a whole ass mousetrap for your pocket.
Oh dude great idea! Also if you did it with hair ties you could keep extra hair ties that way! (Albeit stretched out)
Just a phone case with a retractable tether would work fine. Put it in your pocket. Tether is out of the way, completely invisible. Pull it out, tether extends enough to use it, and retracts when you're done. With a clip or strap, you can attach it to just about any outfit easily enough.
Realistically, if you have to have a phone somewhere like this where pickpocketing is likely, I'd suggest either a cheap phone you can lose, or keeping your phone in your hand/a hand on it in your pocket.
I use a fanny pack at large events.
Many have hidden zippers for wallet and phone, and it's in front of you so it's hard to steal from.
Thanks, phone theft is rampant in nightclubs as well and would be great to solve for the pocket problem.
Do like these guys (who I think spend a lot of money on marketing):
<img alt="" src="https://sh.itjust.works/pictrs/image/bbb38e4d-e6b6-484f-b972-c403c8e4a92f.jpeg">
I got a cheap one from Amazon.
A key thing to look for are those little nylon pulls on the zipper handles. You can always add them to a zipper as well.
You can loop the pulls through each other to make it harder to open a zipper. I do this for backpacks since they're behind me. This is more of a deterrent than a lock though.
I'll send a pic after work to describe it. (Although there are actual products but I am cheap).
It is not about accessing the data but to disassociate the current user from the phone so that the thief can reset the phone or/and its components for new users.
I'm confused, in the article he said it was a brick to whoever has his stolen phone. How did they get his phone number to send him text messages? Did they crack the passcode and needed the iCloud password?
The phone itself (by IMEI) is a brick. The sim and same phone number were assigned to a new phone and they texted that number
So they took the SIM card out and got the phone number from that? I guess I didn't realize you could do that.
Yes, it's the SIM card that carries your number and may also carry data on your contacts if you save it there.
And has had a PIN lock from the start. Doesn't help if you leave it as 1234, though.
How would you set that pin on a SIM card in an iPhone?
On iOS:
Settings > cellular > SIM PIN
Thanks!
Very welcome. Glad to help.
True, although this option loses popularity over the years.
They almost definitely got this info by simply having the IMEI, which is printed on the back and can definitely be accessed in whatever Apple calls their service mode though.
And you can use that phone number to find their full name and address.
Issue here is the iPhone 14 USA models are all e-Sim. They don't have sim cards to remove. The article says it was an iPhone 14 Pro.
Typically if you report the phone stolen to your provider they blacklist the IMEI which gets shared with other providers so the phone can no longer be used. I was unclear on this part but a new e-sim can be provided for the new phone, and the old sim banned or the old one transferred. Regardless, the old phone will still show the IMEI/sim/phone number, which is how they got that to text them
IMEI doesn't mean shit, you can easily change it and no one really blacklists them. The iPhone is bricked on a hardware level through iCloud.
I think when you remotely wipe the phone you can make it show a message with your phone number, in case you're actually an honest person that found the phone instead of a thief.
In the response posts to the article someone said they got the icloud address via reset request which you can use in iMessage.
Not an iPhone person so I can't verify but thought I'd pass that along.
That's interesting, never thought of that as an attack vector.
*her
Man, the last threat the author received was absolutely BEGGING for the navy seal copypasta lololol
But give them one of the more obscure versions so they donât immediately realize what it is.
What's this you've said to me, my good friend? I'll have you know I graduated top of my class in conflict resolution, and I've been involved in numerous friendly discussions, and I have over 300 confirmed friends. I am trained in polite discussions and I'm the top mediator in the entire neighborhood. You are worth more to me than just another target. I hope we will come to have a friendship never before seen on this Earth. Don't you think you might be hurting someone's feelings saying that over the internet? Think about it, my friend. As we speak I am contacting my good friends across the USA and your P.O. box is being traced right now so you better prepare for the greeting cards, friend. The greeting cards that help you with your hate. You should look forward to it, friend. I can be anywhere, anytime for you, and I can calm you in over seven hundred ways, and that's just with my chess set. Not only am I extensively trained in conflict resolution, but I have access to the entire group of my friends and I will use them to their full extent to start our new friendship. If only you could have known what kindness and love your little comment was about to bring you, maybe you would have reached out sooner. But you couldn't, you didn't, and now we get to start a new friendship, you unique person. I will give you gifts and you might have a hard time keeping up. You're finally living, friend.
Hadn't seen that one before. That's a good one, lol
Why doesn't anything this interesting happen to me!
As the author found out, these phones end up in Shenzhen. You can buy these burnt logic boards on the cheap and lots do just for testing. Check out Strange Parts on YT, he has soldered lots of boards and shows they sell them in bins. The grey market is the only place for them.
Also, for those that aren't familiar with how Apple's encryption works. The OS creates a key pair when you create your account, fully encrypting the contents. The contents become garbage if the key pair cannot be matched. This means even if you don't remotely wipe the contents, the data they try to get from say recovery software or whatever, cannot be read. It's of course good to wipe it remotely in case they guess your PIN, but if they can't, then the data is gone forever. From a technical perspective, it's actually pretty cool.
Android uses similar storage encryption (and you can activate encryption for an SD card if you have sensitive data on it), the encryption key is protected by a TPM or Secure Element chip or by ARM TrustZone or equivalent, it checks that the OS is unmodified before booting and the chip only gives the key to the CPU if the user enters the correct PIN
I don't "do" smartphones at all, I think they're an expensive trap - but if you have an iPhone and it gets stolen, can't you call up Apple and have them brick it, so it can't be used at all anymore? I'd think that would be what you'd ultimately have to do if you can't get it back.
Yes. In the article she states she did exactly this.
If the guy you're responding to could actually read, he'd be really upset.
You can bite me too, jackass.
Lol
I mean, they're extremely useful and cheap, if you buy the right one.
No, they're not, they're just a way for corporations to collect data from you and for the government to track you everywhere you go, and you're footing the bill for all that.
They're not useful? I'm literally using one right now in a way that can't be done on a dumb phone. Look, I love dumb phones, and I would actually have one if my lifestyle allowed it, but I get so much value out of my smart phone it's just not practical to use a less capable device.
They're a trap, and you're caught in it, and by the way the vast majority of people who have them just use them as an amusement device and a time-waster. Meanwhile the telecoms and app companies are invading their privacy and sucking down all their data.
You know we can have one without the other if we campaign to make their invasion of our privacy illegal, right?
Dude why even comment?
You sound fun at (key signing) parties
Bugger off loser
I also fucking hate Apple, with the same seething rage that redhats hate Windows, and I too must admit this is shockingly effective security.
Is it though? The author of this article knows what they're doing, but a regular person would probably not be as relaxed with some of the threats. I didn't see this in the article, how does the thief have the ability to contact the victim?
Oh it could be better for sure. But he's got access to all the messages and data, getting a number at that point is probably trivial.
when you end up with someones iphone (or mac or ipad or whatever) and you want to wipe it, the computer needs you to enter the credentials of their icloud account. it tells you whose icloud credentials you need, just like having the username entered but asking for the password.
icloud usernames can be used to send imessages to the owner of the account, like you could call someone with their phone number or IM them with their screen name.
the idea is that a thief ought not be able to just wipe and repurpose a stolen device but a gifted or purchased device should provide a method to contact the person so the new owner can wipe it.
it works pretty good because if a local thief contacts you trying to get you to let them have your device you can call the cops and you already have a line of contact with the person who has the stolen goods so the police can't even say "yeah whatever, we don't care, its gone heres some tissues" and it's very easy to track them down. it also works great if you buy a used device from someone and they won't clear it to wipe because if you have a transaction record like on ebay or facebook marketplace or something you can also go to the authorities and say "hey, i bought this, here's proof, and the person i bought it from won't relinquish ownership of it"
what happens now is thieves ship a bunch of phones off to somewhere outside the jurisdiction of the victims governments and then they break em down to be sold for parts. now there's nothing the authorities can do and the thieves accomplices can try to socially engineer the victims into giving them what they want with impunity.
that's whats happening in the linked article, the victim is being harassed by whoever bought their phone from a thief.
Sure. My point was that exposing someone to scams like social engineering is really really bad and far less desirable than keeping an open line of communication for a purchase
Eh, I think the alternative is worse. If you could wipe stolen phones with impunity they'd be even more of a theft and fraud target than they already are and if they were just locked down with no way out then it'd be more wasteful than it already is.
my experience with iCloud is pretty bad. I worked in a startup at some point which was giving Macs to employees and sort of expected them to figure it out. We had a few people quit and that's when we figured out that the macs became shiny useless things since we didn't have access to wipe the associated account and Apple didn't help in any way. So, from my experience, this is a horrible "feature".
Now i find out that it's even worse and it gives 3rd parties means to harass you… I really think that avoiding theft comes at far too high a price
lol that sucks for the company but that's what you get when you don't use some kind of MDM scheme to retain control over assets. It's especially costly to learn this lesson with Macs though.
I repair and resell scrap computers and if you're able to prove ownership or have a business that repairs or otherwise handles Mac computers the people at the Apple Store will disable the lock for you. They take down your name and tax id and stuff though, so there's some accountability, and it's not easy to get to that point when you look like a greaseball and aren't a member of apples authorized repair program. Ask me how I know lol.
Tbh it's no different than a Chromebook or windows laptop that shows the owners email based username (in the case of windows computers with Microsoft ids it shows the users real name as well!) at the login screen, except that you can't wipe it and resell it.
As someone who's experienced the same thing, some of the messages I received were shockingly well written.
The fake "find my" site they tried to use to convince me to log into my iCloud account was wildly convincing, if not for the index.php at the end of the URL - something Apple would never configure for service endpoints.
They continued to try - but never threatening. However I never engaged and eventually they just stopped trying.
yeah and the sad part is most people without the tech background would never notice the index.php in the URL, or care.
is my favorite
Oh no! Then I won't have my phone anymore!
Wait just a second…
This made me realize, as an android user, I have no idea what I'm supposed to do if someone steals my phone.
www.google.com/android/find/
Luckily google keeps track of your every movement by default
Yeah and apple doesn't…
?
hopefully you have it locked so they just wipe the data. and then you buy a new phone.
They have the same system. The phone is tied to your account and you can track, lock and erase it remotely with Google's Find My Device.
Luckily I've only had to use "find my device" whenever my phone decides to catch-up with the TV remotes under the couch cushions
We have a black coffee table and sometimes it's just on the coffee table and I'm like "Jesus fucking Christ what is wrong with you.". In fairness to me, it's summer, I keep the shades drawn, keeps the temps down.
Except you can more easily wipe the os at a low level and fully factory reset the device. That's not possible with iPhones.
Funny thing, even if you do that you can be prevented from initializing the device. You get a "this phone was reset in an unusual way, sign in to the original account used for setup" message that may or may not hint at an email address. I've got a stack of them on my desk from former employees that I'm trying to get back into. Pain in the ass for business, good for consumers.
You can't do that on modern phones with locked bootloader. This is the reason why manufacturers who allow bootloader unlock still don't ship phones with bootloader unlocked by default.
Afaik, that changed a while ago. Nowadays, it should still ask for the google account of the most recent owner.
yeah, factory reset protection, it wipes the user data, but will refuse to fully finish setting up the os after the reset until the google acct is verified…
Google has the same thing
Encrypt it with a strong password in the first place…
The article does not mention reporting it to the police. I get that 99.99% of the time, nothing will come of it, but that's something I would immediately do. Maybe I just don't get the rich aspect of going out and buying the newest latest model right away and forgetting about the stolen phone, even if it is theoretically still in the reach of police forces.
What are the police going to do about your phone?
"Yup. It sure is gone now. Have a nice day."
"it's a civil issue"
"It's a shame about the Credence"
yeah, let's invite armed thugs to your location, then piss them off by asking them to help find your precious. unless it's for insurance purposes, leave police out. if you have 1 problem, and call police, now you have 2.
99.99% seems optimistic. You're gonna have to buy a new phone regardless, if it's stolen then it's gone. You can either wait a few days and then buy a new one, or you can just buy it right away
Why would anyone ever interact with the police unless it was absolutely required? They're not gonna care about your phone, and they might shoot your dog in the process.
ACAB
You should never ever ever purposefully attempt to interact with the police.
Stop resisting!
"Hello, police? I'd like to report my phone as stolen."
"…Likely story. How are you on the phone with us right now, criminal scum?!"
This is when the cops roll up and shoot your guar
this sounds like a joke but it isn't. cops have killed people who called them for help
It's literally a waste of my time to report it to the police. Plus I ain't speaking to the police unless I'm under arrest and even then it's to say no comment.
Sure if I see someone get murdered or something serious then sure I'll speak, but generally the police can get to fuck. They're not friends and I've only ever had bad interactions with them.
There's no point in reporting this to the police in the US. They literally do not care and will not do anything about it.
No joke my dad found a phone while on public trans on his way home from work and 2 hours later the cops showed up knocked and asked for the phone.
Owner chose not to press charges.
I live in a major US city. Who knew!