New Protective Measures and Potential Risks The security of iPhone PINs is under scrutiny as they are sufficient to change the Apple ID password. This allows taking over various Apple services and locking out the original owner. Although with iOS 17.3, users are not necessarily required to know the old password with the iPhone PIN, there are new security measures in place.
With the activation of "Stolen Device Protection," users will only have access to crucial iPhone functions through biometrics. Additionally, there is an hour-long delay before changes to vital security features are allowed. The fallback on the iPhone PIN is thus discontinued to ensure increased security. However, for the sake of convenience, Apple has included an exception: At so-called "important locations," such as one's own home or office, the hour-long delay does not apply, and the fallback to the PIN remains possible there. This has been reported by beta testers. "Important locations" are automatically captured by the iPhone to provide location-based services.
Manual configuration of these locations is currently not provided, and there are still detection issues in the beta. A possible attack scenario with active "Stolen Device Protection" could look like this: A thief steals the iPhone with the spied PIN, checks the owner's address in the iPhone – which many users may have in their address book – and quickly goes to their home. From there, the criminal can take over the Apple ID seamlessly and without waiting, with all the mentioned consequences.
It remains to be seen whether Apple is aware of this potential threat and will take measures against it – iOS 17.3 is expected to be released in January.
Stay ahead of the wave