Reprinted from TidBITS by permission; reuse governed by Creative Commons
license BY-NC-ND 3.0. TidBITS has offered years of thoughtful commentary
on Apple and Internet topics. For free email subscriptions and access to the
entire TidBITS archive, visit http://www.tidbits.com/


       A Suspicious Encounter Abroad Highlights iPhone Security Features

   Adam Engst

   Last month, among all the usual email I received was an anxious missive
   from a TidBITS reader'we'll call her Beverley, largely because that's
   her name. While walking down the street in El Calafate, a tourist town
   in Patagonia, Argentina, Beverley was approached by a woman with a
   British accent who asked if she spoke English. The woman claimed she
   was looking for a hotel shuttle pickup location and showed Beverley a
   map on her phone, but it was fuzzy and hard to read.

   Being helpful, Beverley pulled out her iPhone 17 Pro and opened Maps to
   get a clearer view. While she was comparing the two maps and trying to
   locate the marked spot on the other woman's map, Beverley's iPhone
   vibrated. The woman immediately made a lighthearted comment: 'Oh look,
   I've probably shared all my contacts with you!'

   After Beverley pointed out the location (a block or so to their right),
   several other women who 'looked more local' approached. The original
   woman said to them'in English'that she had found someone who spoke
   English, thanked Beverley, and then walked off confidently to the left,
   showing none of the hesitation you might expect from someone genuinely
   lost who had just been told to go in the opposite direction. The other
   women went with her. When Beverley followed at a distance, the group
   turned a corner and quickly disappeared down an alley.

   Beverley was left with an unsettled feeling and the worry that the
   woman was trying to compromise her iPhone. Several details stood out in
   retrospect. The woman's iPhone had a white cylindrical accessory
   attached to the bottom'about half an inch in diameter and the width of
   the phone'which Beverley initially assumed was a backup battery; its
   unusual form factor raised concern later. Plus, when Beverley's iPhone
   vibrated, there was no accompanying onscreen notification, and the
   woman's comment about sharing contacts came immediately afterward, as
   though she was trying to explain it away. Finally, the woman walked in
   the opposite direction from where she'd asked for help, and the other
   women disappeared quickly as well.

   Worried, Beverley went to change her Apple Account password using her
   iPhone, but because she had Stolen Device Protection on and was in an
   unfamiliar location, she had to wait an hour after starting the task.
   Later, back at the hotel, she changed it again using her iPad to be
   doubly sure.

   That's when she wrote to me'should she change the passwords for
   important accounts, given that her potentially compromised iPhone would
   be used for authentication? Would resetting the iPhone be overkill,
   given that restoring an iCloud backup while traveling might be
   difficult? Should she contact Verizon about possible SIM cloning?
   Needless to say, traveling without a functional phone is challenging
   these days, so she was hesitant to proceed with a plan that might leave
   the iPhone in a problematic state.

What Actually Happened?

   Although I agreed that the encounter seemed sketchy, I was pretty sure
   that her iPhone hadn't been hacked. For backup, I cc'd Rich Mogull, our
   security editor. Rich confirmed that he is unaware of any attacks that
   would work on a device like that, and called the iPhone 17 Pro 'the
   most secure consumer device available,' noting that Apple has added new
   hardware protections in the latest iPhone models.

   The most likely explanation for the vibration was NameDrop, an iOS
   feature that makes it easy to transfer contact information when two
   iPhones are brought close together. NameDrop is controlled by a setting
   in Settings > General > AirDrop > Bringing Devices Together. When
   enabled, placing two iPhones close together triggers the
   contact-sharing interface. The woman's quick comment about 'sharing
   contacts' suggests she knew what had happened and was trying to
   normalize it.

   However, NameDrop should show an animation and a notification along
   with a vibration, which Beverley didn't recall seeing. In testing, I
   couldn't establish a NameDrop connection without that animation, and it
   always results in a notification or a contact poster that needs to be
   dismissed manually. This behavior occurred even on an iPhone that
   wasn't signed in to iCloud. Although Beverley later confirmed that she
   had AirDrop set to Contacts Only, I discovered that the Bringing
   Devices Together setting is independent from the AirDrop settings. That
   means iPhone proximity can initiate contact sharing even if AirDrop is
   set to Receiving Off. Even then, no information is exchanged unless you
   explicitly approve the action.

   So was this even a scam? Lost tourists often ask for navigation help,
   even in this age of online maps. If you're far from your destination in
   an unfamiliar city'or accidentally mapping to an incorrect but
   similarly named destination, mapping directions can seem very off. Rich
   Mogull even said he had a similar experience in New York City the week
   before with a tourist who was utterly lost.

   In the end, I'm left weighing two possibilities:
     * There was a scam happening, but the setup with the fuzzy map,
       targeting an English-speaking tourist, the seemingly coordinated
       group, and the quick disappearance suggests it was more likely a
       distraction technique for pickpocketing. If that was the goal,
       Beverley may have protected her valuables well enough that the
       would-be thieves gave up.
     * It was a strange but innocent interaction. Maybe the original woman
       was actually looking for the hotel shuttle pickup, but not at that
       moment, so she could walk off in the wrong direction for a
       different reason. Perhaps she asked the other women for help but
       couldn't communicate clearly enough to get an answer. They might
       have walked off in the same direction but not together, and simply
       disappeared around a corner.

   We'll never know for sure, but after several weeks back home, Beverley
   has seen no signs of malicious activity on her iPhone or online
   accounts. It seems safe to say it wasn't the sort of sophisticated, if
   fictional, attack often shown on TV and in movies. (Those also usually
   rely on USB because plugging in cables and waiting for data to download
   is more dramatic than some hypothetical wireless attack.)

What Lessons Can We Take Away?

   After learning what happened, Beverley wondered whether the lesson was
   simply not to help people while traveling. That would be a sad
   conclusion to draw. The real lesson is to help people while staying
   aware of your surroundings and protecting your belongings.

   From a technical standpoint, I hesitate to recommend anything that
   would feed unnecessary paranoia. But these settings seem reasonable:
     * Turn off proximity detection: Unless you regularly need to share
       contact information, turn off Settings > General > AirDrop >
       Bringing Devices Together. In my experience, it primarily triggers
       when transferring contact cards isn't the goal.
     * Be aware of AirDrop connectivity: In Settings > General > AirDrop,
       you can choose from Receiving Off, Contacts Only, and Everyone for
       10 Minutes. Obviously, Receiving Off is the most secure, but
       frankly, I think it's unnecessary. Contacts Only limits connections
       to people you know, and you can still reject unwanted transfers.
     * Use Face ID or Touch ID in public: If a thief sees you entering
       your passcode, that's a signal that you aren't using Stolen Device
       Protection and are thus a target for a snatch-and-run attack (see
       '[1]How a Thief with Your iPhone Passcode Can Ruin Your Digital
       Life,' 26 February 2023). It's just too easy for someone to see or
       record your passcode taps as you enter them.
     * Turn on Stolen Device Protection: Although it's bad enough to have
       a thief grab your iPhone, Stolen Device Protection will at least
       keep them out of your data and accounts. Enable it in Settings >
       Face/Touch ID & Passcode > Stolen Device Protection (for more
       details, see '[2]Turn On Stolen Device Protection in iOS 17.3,' 25
       January 2024).

   If you have an unsettling encounter similar to what Beverley
   experienced, it's worth monitoring for unusual behavior'things like
   unexpected charges, roaming or data spikes, unprompted Apple Account
   sign'in alerts, or eSIM changes. Be extra alert for phishing; don't tap
   links in urgent email or text messages'navigate directly to the website
   to verify. If nothing odd shows up in the next day or two, you're
   almost certainly safe.

   In short, modern iPhones are highly resistant to opportunistic attacks,
   and most 'weird tech moments' on the road aren't evidence of hacking.
   Stay helpful, keep proximity sharing in check, use biometrics, and stay
   alert'caution without paranoia is the right balance.

References

   1. https://tidbits.com/2023/02/26/how-a-thief-with-your-iphone-passcode-can-ruin-your-digital-life/
   2. https://tidbits.com/2024/01/25/turn-on-stolen-device-protection-in-ios-17-3/

.