Assuming the thief want both the phone and the data (because data / your identity is very valuable these days).
If they somehow managed to get it to not auto lock after 60 sec then I’d have to change passwords on 3 different emails.
Worst thing they would have is my browser history.
They can’t transfer any money without my fingerprint or password to the app.
Somewhat fucked, but not to a terminal degree.
Privacy: The thief would gain access to graphic material of my girlfriend and I doing naked things that would confuse grandparents and excite therapists.
Security: My phone is logged into my emails l, so I’d have to react quickly to cut it off.
2fa: No issues, as I can easily migrate to a different device.
Billing: No issue. It takes 5 seconds to block the SIM.
My main concern is the short-lived email access they would gain. While the inbox does not contain anything horrible, they would be able to reset some passwords, so if my phone was stolen my number one priorities would be to get it my PC to lock out and erase the phone, change mail password, and check All of my user accounts whether they’d been compromised.
2fa: No issues, as I can easily migrate to a different device.
How exactly? This ability would seem to negate any benefit or security of multi-factor authentication.
I don’t know if you are on Android or Ios, but on Ios you can require face ID to access certain apps. My mail application also requires face ID to open.
I use Private Lock. It uses gyro to detect sudden movements and lock the phone based on that.
My phone has GraphineOS so if somebody snaches it than itll just lock and once it locks then the chance of somebody breaking in is extremely slim.
Annoyed as all hell, but not fucked at all. The phone locks itself if snatched away. A phone call, and a brief access to android lock later and now the thief has a worthless paperweight. This can happen in a matter of seconds if theft protection works, or a couple of minutes while I find someone who would lend me their phone, faster if I have my smartwatch with me. Carriers on my country also disable IMEIs across all carriers and on the whole territory when phones are reported stolen. Everything on my phone is backed up elsewhere, so I won’t actually lose much, and my data would be fairly protected. They could disassemble it and try to decrypt the storage, but good luck with that if they are not law enforcement or doesn’t have the fancy forensic toys.
My screen timeout is a minute, so they likely can’t get very far before bumping the side button or just not babysitting it for 60 seconds and needing a long password or fingerprint. Any app worth looking at needs a fingerprint as well, so even if unlocked, not super valuable short of a highly coordinated, personally targeted attack. In which case Pegasus would be easier and faster.
Plus, I always “pull over” and hold my phone with two hands when in a busy public place.
Real phone in my bag hotspotting for a burner I pull out in public is how I did things when I was paranoid.
Pretty much anything sensitive on my phone (email, finances, 2fa, passwords) is protected by Face ID. It also helps that I don’t really go to large gatherings, so the odds of my phone being swiped, while unlocked, are very slim. In public, I use my Apple Watch to view notifications, so again my phone is really not out that often. I’m not worried.
Anything worth protecting uses 2FA and they wouldn’t have my Yubikey so … yeah, I’d be fine. Annoyed, but fine.
100% fucked.
They would have to turn on airplane mode quick while they were running because as soon as it has data, I’d have their location and my phone would’ve already been marked lost / stolen by my watch and queued for factory reset.
While in airplane mode there really wouldn’t be much they could do. Anything useful is locked by Face ID. They could see my calendar and my most boring emails. They would have no passwords.
The phone itself would be useless as a phone as it couldn’t be used in another carrier.
I mean, that’s kinda the point of this question: How quickly can you issue a wipe command to your phone?
If you only have one phone no backup phones, now quickly can you access a internet device to issue a wipe command? And will you even remember the google/apple account password quickly enough in such a stressful moment?
Not a data target, but my wife was pick pocketed in Paris a few months ago. We were boarding a train to the airport and somebody yanked it from her pocket as she boarded with her hands full.
We both have iPhones. Within five minutes while sitting on the train I remotely locked her phone then wiped it. Never saw any fallout that could be attributed to somebody having access to it.
Not a data target
Someone managed to obtained a fradulent copy of my mother’s ID. We’re practically just “normies”. People think “I’m not important enough to be targeted” then identity theft happens.
This was not even from a stolen phone, it was probably from some data breach. But imagine the damage that can be done from a stolen phone.
So, the identity thief convinced the banks to add their phone number (probably a burner), but somehow they failed to do any money transfers. Then they did a sim swap by just walking into a store, but the other lines got notified and within an hour, my mother got a new sim and removed her name from the authorized account holders leaving only my dad’s name in there.
I have no idea how they didn’t manage to steal any money, I guess they didn’t think their victims would react this quickly?
Edit: And also the law enforcement is fucking useless. They said they’ll “investigate”, but haven’t heard a word back in a year. The only reason to ever file a repprt is for the police report, don’t expect the perpetrators to ever get caught.
I’ve wiped my phone more than a few times. Hurts bad.
The only thing on my phone that could do anything like that would be the SIM itself, and luckily that’d a single call I’d do right away.
I never unlock my phone if anyone is nearby. Yes, I look around first before unlocking.
deleted by creator
