Assuming the thief want both the phone and the data (because data / your identity is very valuable these days).
My phone has GraphineOS so if somebody snaches it than itll just lock and once it locks then the chance of somebody breaking in is extremely slim.
Set a tasty duress PIN on it
I did :3
Annoyed as all hell, but not fucked at all. The phone locks itself if snatched away. A phone call, and a brief access to android lock later and now the thief has a worthless paperweight. This can happen in a matter of seconds if theft protection works, or a couple of minutes while I find someone who would lend me their phone, faster if I have my smartwatch with me. Carriers on my country also disable IMEIs across all carriers and on the whole territory when phones are reported stolen. Everything on my phone is backed up elsewhere, so I won’t actually lose much, and my data would be fairly protected. They could disassemble it and try to decrypt the storage, but good luck with that if they are not law enforcement or doesn’t have the fancy forensic toys.
My phone/Android is supposed to have theft protection, meaning it will lock itself if it detects a fast movement like it being snatched out of my hand. If that doesn’t work, I’d have to get home to lock it I guess.
Somewhat fucked, but not to a terminal degree.
Privacy: The thief would gain access to graphic material of my girlfriend and I doing naked things that would confuse grandparents and excite therapists.
Security: My phone is logged into my emails l, so I’d have to react quickly to cut it off.
2fa: No issues, as I can easily migrate to a different device.
Billing: No issue. It takes 5 seconds to block the SIM.
My main concern is the short-lived email access they would gain. While the inbox does not contain anything horrible, they would be able to reset some passwords, so if my phone was stolen my number one priorities would be to get it my PC to lock out and erase the phone, change mail password, and check All of my user accounts whether they’d been compromised.
2fa: No issues, as I can easily migrate to a different device.
How exactly? This ability would seem to negate any benefit or security of multi-factor authentication.
I don’t know if you are on Android or Ios, but on Ios you can require face ID to access certain apps. My mail application also requires face ID to open.
If they somehow managed to get it to not auto lock after 60 sec then I’d have to change passwords on 3 different emails.
Worst thing they would have is my browser history.
They can’t transfer any money without my fingerprint or password to the app.
Not a data target, but my wife was pick pocketed in Paris a few months ago. We were boarding a train to the airport and somebody yanked it from her pocket as she boarded with her hands full.
We both have iPhones. Within five minutes while sitting on the train I remotely locked her phone then wiped it. Never saw any fallout that could be attributed to somebody having access to it.
Not a data target
Someone managed to obtained a fradulent copy of my mother’s ID. We’re practically just “normies”. People think “I’m not important enough to be targeted” then identity theft happens.
This was not even from a stolen phone, it was probably from some data breach. But imagine the damage that can be done from a stolen phone.
So, the identity thief convinced the banks to add their phone number (probably a burner), but somehow they failed to do any money transfers. Then they did a sim swap by just walking into a store, but the other lines got notified and within an hour, my mother got a new sim and removed her name from the authorized account holders leaving only my dad’s name in there.
I have no idea how they didn’t manage to steal any money, I guess they didn’t think their victims would react this quickly?
Edit: And also the law enforcement is fucking useless. They said they’ll “investigate”, but haven’t heard a word back in a year. The only reason to ever file a repprt is for the police report, don’t expect the perpetrators to ever get caught.
I’ve wiped my phone more than a few times. Hurts bad.
I use Private Lock. It uses gyro to detect sudden movements and lock the phone based on that.
I run my own NAS and Nextcloud server. Most of the data on my phone is synced there.
So I am somewhat prepared for the loss of my phone, but not really for the possibility of someone else using it (accounts etc).
This is such an important distinction to make. Being able to wipe the phone would require a second device, so unless you are with someone who has access to that phone, you have to wait until you get home to initiate it.
Iirc my pixel has a “in case your phone is stolen from you” automation. Though I don’t know the mechanics of how it works.
Yeah, I couldn’t get into my account on someone else’s phone to wipe/trace down my phone. As I believe I’d need 2 factor authentication. Which while mobile I can’t do without my phone. I’d have to wait till I got home and a device id previously been logged into.
For Android, it looks like you can go to https://android.com/lock and use your phone number to lock your phone.
No MFA required. But this has to be enabled on your phone in order for it to work.
Interesting, that’s good to know. I immediately tried to lock the woman’s phone next to me by using her number, she didn’t have it turned on either. I have an odd feeling someone is going to write a script that locks someone’s phone screen at random intervals throughout the day. Schedule it as a task whenever they log into their work computer so you can watch them struggle with it throughout the day then end the task when they lock their screen/log off.
I actually had the same reaction and so I looked into it. The threat is pretty low.
Worst case scenario is that you’re working on something critical and your phone gets locked. You unlock it with PIN and move on. According to the docs, this can only be done a few times a day (iirc twice. I’m too lazy to look it up again. It’s 2am and I should be sleeping 😅)
If it gets annoying, you could turn it off until the attacker moves on.
More realistically, you’re on Lemmy while in the bathroom and you just have to unlock your phone.
If it happens with some level of regularity, I’m sure Google would either rate-limit the attacker or the phone number.
My screen timeout is a minute, so they likely can’t get very far before bumping the side button or just not babysitting it for 60 seconds and needing a long password or fingerprint. Any app worth looking at needs a fingerprint as well, so even if unlocked, not super valuable short of a highly coordinated, personally targeted attack. In which case Pegasus would be easier and faster.
Plus, I always “pull over” and hold my phone with two hands when in a busy public place.
Pretty much anything sensitive on my phone (email, finances, 2fa, passwords) is protected by Face ID. It also helps that I don’t really go to large gatherings, so the odds of my phone being swiped, while unlocked, are very slim. In public, I use my Apple Watch to view notifications, so again my phone is really not out that often. I’m not worried.
Little macro running on my phone, that as soon as my smartwatch gets out of range, it locks the screen. Add the ability to format via wasted remotely, and we are set. The only way to disable internet/ actvate airplane mode is to insert the password if the screen is locked. Also I’ve never checked, but if graphene has a dead man’s switch, not even poweing off would keep the data intact.
Little macro running on my phone, that as soon as my smartwatch gets out of range, it locks the screen.
How do you do that?
Not the parent commentor, but I do something very similar with Tasker. Whenever my phone disconnects from one of a list of Bluetooth connections (like my watch or my car) or even if it just gets a solid jolt to the accelerometers, it goes into lockdown mode. This means the screen gets locked and biometrics can no longer be used to unlock it, requiring the entering of a PIN code to unlock.
I remember doing something weird with automate to make it work, but i don’t exactly remember what i did. Since it’ been so long.
100% fucked.
Depends on how you look at it. By and large screwed until I get it remotely locked maybe. On the other hand I only have a smarthphone for work reasons and it mostly stays at home and if I have it out its for its phone function and a thief would be hard pressed to find a point where I had it unlocked.
Anything worth protecting uses 2FA and they wouldn’t have my Yubikey so … yeah, I’d be fine. Annoyed, but fine.
They would have to turn on airplane mode quick while they were running because as soon as it has data, I’d have their location and my phone would’ve already been marked lost / stolen by my watch and queued for factory reset.
While in airplane mode there really wouldn’t be much they could do. Anything useful is locked by Face ID. They could see my calendar and my most boring emails. They would have no passwords.
The phone itself would be useless as a phone as it couldn’t be used in another carrier.
I mean, that’s kinda the point of this question: How quickly can you issue a wipe command to your phone?
If you only have one phone no backup phones, now quickly can you access a internet device to issue a wipe command? And will you even remember the google/apple account password quickly enough in such a stressful moment?
