Stolen phones and lost mode

[WorkingTourist]

A few weeks ago my friend got his iPhone 6 stolen in a restaurant.

We noticed it quickly but the phone was already turned off when we tried to call it. We did setup “lost mode” via Find my iPhone.

We gave the restaurant my number so that they could call, incase the phone was found. Half an hour later, a guy calls my number and asks for Apple ID and password, explains it’s so that he can see on the internet where the phone is or some similar bullshit. He was very insisting. We went back to the place and acted like we understood the call to have been about them having found the phone, no luck, though the guy kept pressuring my friend to give his Apple ID and password.

A week later, my friend received Chinese phising emails for his Apple ID. I was convinced it was a coincidence, because how could a thief find his email address? My friend got same emails to his secondary email address, and some days later, same phising stuff sent via iMessage. So I am starting to think that it’s not a coincidence.

Question 1: Is it possible to obtain owner info (email / iMessage ID) from an iPhone in lost mode? This is puzzling to me.

This week another friend forgot her iPhone 5c in a taxa. She calls it, and this time it hadn’t been turned off, and the driver answers.

She promises him ฿3,000 in finder’s fee, waits for an hour, but he never shows up, and now the phone is turned off.

Question 2: Is there any use for an iPhone to which you do not have the Apple ID account info?

I am under the impression that in theory a locked phone should be useless without the Apple ID account password, and based on the first episode, where they clearly want the account info, it’s somewhat confirming this, but my friend claims there are shops that can bypass the lock, of course this is just hearsay, as she can’t point me to these shops.

But that a taxa driver decides to keep a two year old phone (value maybe ฿6-8,000) instead of taking the ฿3,000 finder’s fee, makes me think the phone does have value to him.

Worth mentioning that for the restaurant, I also called the next day and told them we were willing to give them a finder’s fee of ฿20,000 (I said it had precious pictures on it), they declined wanting money, but still no phone. Presumably they felt it would have been too suspicious if it suddenly turned up, so even if worthless to them, better to just sell it for spare parts than lose face by indirectly admitting to having taken it. As for the restaurant, given the setup/location, it’s highly unlikely that someone from outside the restaurant would have stolen the phone, as you have to pass a manned lobby to enter, and tables were pretty spaced out.

This topic is similar to a previous thread, here someone does say he knows someone that works in an Apple store who can disable the lock, but I need a bit more than that to be convinced, especially since if you hand in your iPhone for repairs or similar, the store will ask you to disable Find my iPhone (meant to validate that you are the true owner).

[WorkingTourist]

The iPhone that was lost in a taxa appeared on “Find my iPhone” after about 10 days.

It was not in lost mode, despite previously being pending. We re-enabled it, but it didn’t last, so it would seem the holder of the phone had obtained the lock screen PIN code.

How this was obtained is a mystery, because you can’t easily brute force it, as you get a one minute timeout after five failed tries. Though it was a 4 digit PIN and it was rather simple (1122).

Anyway, we put the phone in lost mode a third (or maybe fifth) time, but this time it asked for a 6 digit PIN to lock the phone. It could be because the thief had updated the phone to latest iOS.

Worth mentioning that all iCloud Photo Library pictures were deleted (by the thief) and many contacts were erased.

So if you lose your phone, do immediately change all your passwords!

Edit: My first post said that Find my iPhone was disabled for the phone, this was not true. I disabled Find my iPhone on the (new) replacement phone because I wanted to try and restore a backup (to get back the deleted contacts), and five minutes later, when the email was sent about Find my iPhone having been disabled, I had completely forgotten about this, and naturally assumed it was about the stolen phone…

Edited November 29, 2015 by WorkingTourist

[AlexRRR]

Ive thought about what happens if my iPhone got lost or stolen, the main concern is access to my emails, contacts and note's are the only thing i get saved to the clouds.

I don't go for find my phone and am dam sure as you found out that sooner or later people can get access to your phone even with a pin to access it off the screen.

I saved all my contacts to an address book....witten, the old fashioned way...but emails.....though a new owner is more than likely keen to scrub everything and start fresh...but you never do know who's hands the phone falls into.

Im interested to read if anyone knows of a way to kill the phone once you realise its lost, i have read a few things in the apple forum but lot of it didn't make sense to me and I'm pretty sure there are ways around it,

[WorkingTourist]

You can do a remote erase from Find my iPhone.

The “problem” is that once the phone has been erased, you lose the ability to track it.

So if you forgot the phone and there is a chance you’ll get it back, put it in lost mode. It shows a custom message and your number (with a call button).

If the phone was stolen in Thailand, it seems unlikely someone will call you back/return it, so probably just write off the phone and do a remote erase.

I do think that with the new (enforced) minimum 6 digit PIN, the ability to bypass the lock screen should be greatly diminished, especially since there is the one minute cool down period after five failed attempts. I think this period even increase with further failed attempts.

[Broken Record]

I made a reward offer in The Notes App.

If you have found this phone

Please call me at 081 *******

Reward given.

Then I done a screenshot to make a photo and made that photo my lock screen background.

[WorkingTourist]

This is basically what lost mode is for.

You can put in a custom text where you can add info about reward, and it automatically asks for a number and gives the finder a one-click call button.

Sadly it seems thieves have no interest in collecting finder fees.

[Broken Record]

Earlier this year I lost an iPhone 6, I got it back using Find my iPhone and sending a message to the finder who couldn't do anything with the phone, it was fingerprint locked and passcode, I got the phone back after pinpointing where they were and informing them they could take a reward or in 20 Minutes I'm going to the Police station with my iPad and we'll come find it, when I told them what building they were in, they eventually answered the phone, and I gave a reward for them to bring to me, they did and I got it back.

I gave 3000 Baht and got my 33,000 Baht phone back.

[Lammbock]

Seems like WorkingTourist don't know how to use Find My iPhone.

With another Apple device and none Apple device you easilie can track your phone via iCloud. (if you had it setup before)

[WorkingTourist]

Seems like WorkingTourist don't know how to use Find My iPhone.

With another Apple device and none Apple device you easilie can track your phone via iCloud. (if you had it setup before)

As I said “the phone was already turned off when we tried to call it” and for the second incident “and now the phone is turned off”.

The tracking feature you refer to only works for phones that are turned on and connected to the internet.

The first phone has never been online since it was stolen, the second phone came online after about 10 days, but only for a few minutes. I did capture the physical location both the times it went online.

[WorkingTourist]

[…] it would seem the holder of the phone had obtained the lock screen PIN code.

How this was obtained is a mystery, because you can’t easily brute force it, as you get a one minute timeout after five failed tries. Though it was a 4 digit PIN and it was rather simple (1122).

A further update: I came across IP Box which is a device to brute force iPhone PINs: “the IP Box is able to bypass this restriction by connecting directly to the iPhone’s power source and aggressively cutting the power after each failed PIN attempt, but before the attempt has been synchronized to flash memory […] it would take up to ~111 hours to bruteforce a 4 digit PIN”

I also found a list of common PIN codes where 1122 is number 15.