The lessons I learnt from my iPhone mugging
Yesterday, I had one of the most unpleasant experiences of my life when I was mugged at knife point in broad daylight just metres from my front door. But I learnt a lot about how I could have allowed the police to better respond to a crime like this, and the actions that I needed to take to ensure my data was safe.
What was the robber after? My iPhone, according to the police, the target of many mugging attacks.
Here’s what happened. After arriving at my nearest London Underground stop, in North West London, I walked up a side street to my house. It’s a journey I’ve made hundreds of times and never one that I have been particularly concerned about my safety during. While walking, I received a text message, which I was replying to. I have to say that given it was 10.20am, I didn’t feel particularly at risk for having done so.
I was wrong, and from nowhere, a youth on a bicycle confronted me holding a knife. “Give me your iPhone” he shouted. I wasn’t sure how to react; I looked around while shouting “leave me alone!” But as I looked I became aware that there was no one else on the street.
The youth came closer to me, I was holding the phone, but he was on his bike and I did try and run, principally because I didn’t want to actually get into physical contact with him. He started grabbing me and somehow my iPhone cover seemed to get detached from the phone, leaving him with the cover and not the phone. “Don’t be f**king stupid!” he shouted, pushing a blade close to my neck. I gave up, giving him my phone and he cycled off.
I ran home, I’m not ashamed to say, crying. When I got there I immediately phoned the police while loading my iPad. The operator told me that officers would be with me in minutes, with their own iPad so that they could use “Find My iPhone” to see if the criminal was still in the area, the operator asked for my logins so that they could start looking while driving to me. I tried myself as well, but the location services settings on the missing iPhone appeared to have been disabled.
Within minutes, two wonderfully calming police officers arrived and we went out in their car to try and identify the robber. Had he have not turned off the location settings, it may have been possible to work out where he was.
I realised that, unlike when I had my phone pick-pocketed (I seem to have a face for this sort of thing), my phone wasn’t locked when it was stolen. I had already unlocked it to reply to the message. This meant that the robber had a lot more access to my device that they would have done if it had have been locked. Indeed, when my phone was pick-pocketed in New York, police were able to find the rough location of the phone, but were unable to recover it. But even knowing the rough location was only possible because it was still continuing to beam out its location until it was switched off.
Yesterday’s attacker appeared to have immediately switched off the location services settings on the iPhone. But I’ve since learnt that it’s possible to prevent someone from doing this. In addition, it’s important to ensure that the robber doesn’t turn off functions like “Find My iPhone”.
Here’s how you do it:-
(1) Open the settings function
(2) Touch General
(3) Select Restrictions
(4) This will ask you to set a Restrictions passcode. Chose one that is different from your unlock passcode
(5) Scroll down the list of restrictions until you find “Allow Changes”
(6) Open Location
(7) Select the “Don’t Allow Changes” option
(8) Go back to the Restrictions menu and select Accounts
(9) Then chose “Don’t Allow Changes”, this stops iCloud and Find My iPhone being disabled then repeat for “Deleting Apps”
This will mean that anyone who gets hold of your phone will find it very hard to stop it beaming out a location and it stops them from disabling iCloud and Find My iPhone
Of course this sort of trick only helps if the phone is still connected to your phone network. It’s likely though that you will choose to block your SIM CARD in case someone starts making a load of expensive calls. But it will be worth keeping it connected for a little while to see if the device appears on “Find My iPhone” or on iCloud.com.
But the other key thing that I started to consider was whether the person may gain access to my personal information stored inside my iPhone. As soon as the device locked, the robber would be in theory locked out because I always use an eight digit passcode (rather than the standard 4). But if they kept playing with the phone (maybe on wifi) then they would continue to gain access to my personal information.
So I considered what I would need to do to ensure they couldn’t access anything that wasn’t stored locally on the phone. Email is a treasure trove of personal information and would have allowed the robber to effectively gain access to my PayPal, Amazon, iTune and other online billing accounts. So first off, I changed the passwords for every single email service I use.
Then I thought about social networking in particular Twitter and Facebook. Changing the password on Facebook was easy at https://www.facebook.com/settings?ref=mb. Here you also have the option to force any apps on smart phones and tablets to be automatically logged out to ensure that who ever wants to access them is really you.
Twitter was harder and was in two stages. Firstly I went to https://twitter.com/settings/password and changed my password. But then I noticed that my iPad was continuing to access my Twitter account without the new password being stored. That’s because Twitter doesn’t automatically check that an application connected to it has the correct password. So I actually asked on Twitter for advice and found this page https://twitter.com/settings/applications where I found a list of all of the applications granted permission to access my account. For the iPhone and iPad access, I selected iOS by Apple and clicked on “Revoke access”. This meant that I’d need to login again to Twitter on each Apple device I use to connect to the social network.
Of course, you may need to follow similar steps for other applications on your phone such as PayPal, eBay or Google+.
Using Find My iPhone, I did try to remotely wipe the device after the police concluded that it would be unlikely that we’d spot him. But thus far, the request has not been successful.
But when it comes to the mugging itself, what did I learn? Perhaps that I shouldn’t be using my mobile phone, while I’m mobile, out and exposed in a public place. But given that is what they are for, it seems pointless advice. I’m certainly going to be more careful about where I’m displaying it. It’s too easy to forget that when it’s in your hands, you are literally holding a £700 piece of technology. It’s so much more valuable than a wallet, particularly given that most of us don’t carry much cash, and chip and pin in theory makes it hard for thieves to use our credit and debit cards.
The other thing I learnt, is how valuable it is to have my social media community around me in a time like this. Some of my Twitter followers have been out looking for a cyclist on that street (I assume he targets it regularly), others gave me really useful advice on how to deal with the technological challenges that the incident threw up.
It also meant that my family learnt about it differently. My grandparents saw that I was attacked on their Android while looking at Facebook while shopping. One of my sisters found out when she was emailed by a friend, who had heard from a friend that I had been attacked. My sister then asked my brother-in-law if I had been tweeting about something bad, and he then forwarded her the stream of tweets. My parents found out in the more usual way, I phoned from a landline, a number no-one had actually called me on before because everyone had my iPhone number, or at least they did.
Follow @benjamincohen on Twitter.