What happens to your smartphone when it gets stolen?

I recently had my iPhone stolen while on a business trip in London and, through the wonders of Find My, have been able to track its journey in the past few weeks. I found it to be a fascinating insight into what appears to be a rather sophisticated phone theft operation and thought I'd share!

First, the theft.

I was walking to my office and ended up waiting at a crosswalk on Oxford Street. I suppose every tourist must learn the hard way not to do this... buuut I thought I'd reply to a text and pulled out my phone. Not even 30 seconds later (literally) someone on a bicycle zoomed by and snatched my phone straight out of my hands. By the time I had processed what had happened, the person was already 2 blocks down and I knew my phone was gone.

Clearly this thief was a pro at this. :(

Since I had iMessage open when my phone was stolen, my first panic was "oh shit my phone is unlocked." This meant they could poke around my photos, notes, text messages, Venmo, etc _if_ they kept my phone unlocked. 😬

I sprinted back to my hotel and pulled up Find My on my MacBook. I set my phone to Lost Mode and initiated a remote wipe and prayed it would go through. The Find My UI isn't particularly intuitive here, but looks like it went through a few minutes later.

(pro tip: enable Find My!)

I was able to track my phone on Find My and watched this person zoom all around London.

It was actually crazy how fine-grained the tracking was: I watched them go all the way down Oxford Street, through several tube stops, circle around touristy areas a couple times, etc. Having a phone stolen is panic inducing but at least this was entertaining to see.

I assume they were snatching phones from folks as naive as I and I can't imagine how many phones they must have gathered.

Eventually they called it a night and ended up somewhere in Tottenham(?) which I presume is where they live. I stopped live tracking for the day as well.

I thought this was just some basic theft that would result in my phone getting sold on Facebook Marketplace and that would be that... but no it turned out to be far more sophisticated.

Second, the phishing text messages.

On the second day, every one of my emergency contacts received the following text message. I opened up the URL myself and it was a full blown Find My web UI phishing page, which I assume was trying to get my Apple ID password!

For context, if an iPhone is Find My enabled and remotely wiped, it cannot be reactivated without the original Apple ID login. So unless they have my Apple ID, my phone is a brick to them. This was a step up from what I was expecting.

I also noticed my phone had moved to a different location... which suggested this must be a coordinated theft operation. Guess this bike thief truly is a pro.

By this point I filed a police report, filed a business travel claim, and left it at that. I checked in every few days and my phone stayed in the exact same location so I assumed it had been scrapped for parts as they had not gotten my Apple ID login in over a week. But this morning...

Third, my phone's in China...?

It's been over a month and I had long assumed my phone was scrapped. But this morning I got an email saying the Activation Lock on my stolen phone was requesting my password. Huh?

I opened up Find My to see where my phone was and... it's in Shenzhen, China? Wild. I assume this is where they must finally get to scrapping my phone (unless, god forbid, they have some way to crack the activation lock).

I initially thought this was some basic theft where my phone gets resold as a brick to some poor soul on Facebook Marketplace... but nope, it was way more sophisticated than that with a full blown phishing attempt (using a US number too when my phone was stolen in London!!) and a final ship off to China.

As of now, these are the latest updates on my phone. Will reply with any updates if I see them. :)

but some pro tips:
1. Enable Find My on your devices because if your device gets stolen you will sure as hell want to remotely wipe it.
2. If you're traveling, ensure you have a way to access Find My from your hotel. This could be a laptop or iPad you leave at the hotel.
3. Be wary of who you list as your emergency contacts as it appears a thief can view them even if your phone is put in Lost Mode.
4. Be wary of any text messages you receive after your phone is stolen.
5. Do not make your phone (or anything really) a single point of failure while traveling. I normally use my phone as my hotel key and thank god I had brought my physical key card with me that day else I could not have gotten to my laptop as fast. For me, every minute my phone stayed “unlocked” meant another minute for the thief to do damage.
6. Don't text while waiting at a crosswalk in London I guess. :)

amusingly, a google search for “stolen iphone shenzen” brings up a surprising number of results.

sounds like it's not uncommon for stolen iPhones (from anywhere! e.g. from music festivals in Las Vegas or a bookstore in Canada?) to end up in Shenzhen

@em0 I wouldn't be surprised if people convert stolen phones into cash at those "recycle your old phone" kiosks, and that the operators of those kiosks ship everything to Shenzhen.
@em0
Wow! What a story, amazing… I most certainly will take good care now!

@em0 This was absolutely fascinating -- thank you for this!

Now I'm wondering if all the "authentication" Apple does when it comes to spare parts applies to parts from phones that were stolen, too. (i.e., while you can't activate an iPhone that was stolen, can you use the "official" screen or battery?)

Such as -- clearly this phone ended up in Shenzhen because it's being stripped for parts, probably down to individual components, which Apple can't track.

@em0 A person I know had their iPhone stolen in France and it was sent to Libya a few days later!

Faster than express shipping 

@em0

Basically it gets sold between many parties and finally lands in China for dismantling. Multiple times when I was in China, I could get original parts for cheap. One day I had an iCloud-locked phone and a shop owner was saying I could get it unlocked for a ridiculous amount plus one week's time. Guess they have some kind of outsourcing of this to others.

@em0 The network is huge. Like they can get official refurbished iPhones from the factory directly and resell them. With Apple warranty. (Because I was fooled once with that and verified it with Apple Genius Bar)
@em0 I'm sorry you lost your phone, but thanks for the entertaining read at least! Your situation reminded me of a great episode of the podcast Reply-All about how missing phones in the US were all reporting to be located at the one random house in the middle of nowhere in the rust belt somewhere. They got to the bottom of it! I wish they were around to help you out.
@sb @em0 this! sorry for what u went through but thanks for the rousing story!

@em0
Thanks 🙏🏻 for this thread. It sounds like you are 💯% more level-headed than me.

Everybody: read this thread about what happens when your #phone is #stolen - and what to do about it

@em0 Amazing story. Thanks for posting.
@em0 thanks for sharing this! really helpful information. must remember to keep my fingers through the loop on the back of my phone case!
@Thiefree @em0 I would be cautious about keeping your finger through the loop or you may end up with a finger broken by the assailant and a lost mobile telephone! Stay safe 👍
@em0 that's absolutely fascinating about stolen phones ending up in China. almost like being liberated back to their place of origin 😂
@em0 Yeah, Shenzhen (and more broadly the Huaqiangbei subdistrict) is well known for its particularly large secondhand market for iPhones and scrapped parts. Looking around the Shennan Mid Rd. area, you can find a lot of electronic and telecommunications shops. Specifically around the area your iPhone is located at, there are a number of such stores as well. Reviews for shops around these areas (more commonly in Shennan Mid Rd.) highlight people finding their stolen phones here.
@em0 Within close proximity to this area, there's a Foxconn assembly plant responsible for the manufacturing of iPhones, leading some to believe that Foxconn is buying up second hand parts to reassemble. This is just a theory and doesn't have much backing it up, but this Foxconn plant itself has a less-than-stellar reputation.

@em0 Managers caught in internal embezzlement theft rings, leaking prototype devices, selling phones loaded with illegally obtained certs to turn US phones into CN ones to sell them at a larger sum, horrible working conditions, etc.

This video does a great job of explaining it, it's quite a deep topic! Hope the issue gets resolved in some form for you, too!

https://www.youtube.com/watch?v=3Ws3YptLmLQ&t=284

Inside The Illicit World Of iPhone Trafficking


@em0 thanks for this, it is really interesting.
I am very surprised that the police couldn't act faster despite the precise tracking tool!

(also, it would be great to have this thread as a blog post 😊)

@em0 thank you for an interesting thread, sure opens one's eyes to how it's an international thing
@em0 My purse was once stolen, including my iPhone. It turned up in Lima, Peru, a few months later. Then it disappeared entirely.
@em0 When I investigated a similar theft a while ago I went down a rabbit-hole trying to figure out who is sending those please-unlock-me messages. It turns out that this is a large scale game with well defined tasks and responsibilities to a point where you can task white label operator platforms with targeted phishing quests. There are multiple providers specializing in this. It seems clear to me that this is a million dollar industry with well engineered structure and processes.
@em0 …and with white-label I mean that there are people selling ready to use portal pages to other people customized to their desired branding who then run “we can unlock your activation-locked iphone!” schemes with the white-label operator doing all the phishing work. That's a layer of division of labour I did not expect.
@em0 on the topic of stolen phones, does anyone in the comment section or OP know how the professional thieves deal with lanyards and hand loops?? once someone tried to snatch my phone through an open car window at a red light, but coz of a handloop they couldn't. has anyone's device been stolen despite having it on a loop/lanyard? if yes, how was it done?
@em0 Wow. I bet the iPad mini I had stolen back in 2019 had an interesting ride now.
@em0 I'm sorry for your iPhone, but thanks for making such a maddening experience into an educational piece of writing!
@em0 not having a single point of failure is why I moved my 2FA to #Yubikey about a year ago. Purchased two keys and use the Yubikey Authenticator app instead of Google Authenticator. Friction is highest when adding a new account since I have to update two keys, but the secret is on a physical device that I can access from any phone or computer.
Nice @wbinford
My choice is to auto backup my 2FA app regularly on the cloud and always carry a second phone (generally my previous phone). I refuse to do any banking on my phone as that makes me too vulnerable to lost phone, etc. Maybe I need to look into #Yubikey more but I don't like hardware lock-in, which is one of the reasons I don't use Apple.
@em0
@magellano @em0 My process has evolved. Originally, I used the Google Authenticator backing up the seeds to a password manager. Then I moved to Authy so that I could have 2FA across all my devices. However, to me that approach ran counter to the idea of 2FA. Everything to recreate my 2FA codes was available in the cloud with varying levels of security. With YubiKey Authenticator, I have the secret (with a backup on 2nd key), but it is a "trust no one" model. I don't keep the seeds at all.
@magellano @em0 I get the worry about lock-in. I like the fact that Yubikey Authenticator is available on my phone via NFC and my computer via USB-C. I assume it works with Android and Windows as well.

@wbinford @magellano @em0 also, Apple is adding iOS-level Yubikey support as a 2FA mechanism. ETA “early 2023”

https://www.forbes.com/sites/kateoflahertyuk/2022/12/09/apple-boosts-iphone-security-with-major-new-move/

Apple Boosts iPhone Security With Major New Move

@cmdrmoto @wbinford Please can I be cheeky and ask for your thoughts on that as a system? For the last month I've been contemplating a yubikey but I haven't pulled the trigger. From your posts here I think you're saying that even if your phone were stolen, it's useless for logging into any other account because you'd need the physical yubikey as well (and the password for it), is that right? (And I'm guessing, don't store your yubikey with your phone when travelling 😂)

@PlanetMillie @wbinford it's not quite that good, not yet. I like to think I'm pretty technical, and I'm still slowly working my way up the learning ramp. I'm excited about the promises of support from Apple, and hope that'll bridge the gap.

It's a token that other infosec folks I trust have chosen to use. If you're curious and can afford it, it can at least serve as a cyberbadass companion for your car keys. Might even learn something, if so inclined.

@PlanetMillie @wbinford as for the iOS integration - I got a little ahead of myself with the reading there. It looks like it's primarily intended as a 2FA mechanism for your iCloud account. And since your phone can be remote-wiped via your iCloud account, some people might logically prefer to have a stronger second factor.
@PlanetMillie @wbinford iCloud login notifications can appear on multiple devices; if an attacker snatches your phone and your laptop (or snatches your backpack maybe?) and either one is unlocked … game over. You're in a race to the “Find My…” page, against them changing your password.
@cmdrmoto @PlanetMillie I have not solved the Apple 2FA issue. I still get notified on my devices when trying to authenticate with my Apple ID. Hopefully, their support for hardware tokens will solve it for me.
@wbinford @PlanetMillie that's my hope as well. I *really* wanna deactivate the six-digit-code thing; it's a lousy second factor.
@cmdrmoto @PlanetMillie My general approach is to use the Yubikey as my 2FA directly where I can (e.g. Google). For sites that support TOTP (e.g. Google Authenticator), I use Yubikey Authenticator with the private key stored on my physical key. So, if you have my phone, but not the yubikey, you can't do anything with Yubikey Authenticator.
@em0 Last year, on a canal boat trip, someone got in the boat while I was working a lock and stole my laptop. It was a £200 Arm64 running Linux so I guess not worth a lot on the mean streets of south Manchester. I imagine it's at the bottom of the canal now.
@em0 I recently watched a vid on YT regarding this China connection and it was really wild. Will try to find a link.
@em0 Here you go, it's a flourishing business. I'm sorry this happened to you. https://youtu.be/3Ws3YptLmLQ

@AvenidaMK @em0

Barely Sociable covered this so well. People still think no one steals an iPhone. Glad to see this video being shared.