Bypassing a Theft Threat Model

Thieves cut through the wall of a coffee shop to get to an Apple store, bypassing the alarms in the process.

I wrote about this kind of thing in 2000, in Secrets and Lies (page 318):

My favorite example is a band of California art thieves that would break into people’s houses by cutting a hole in their walls with a chainsaw. The attacker completely bypassed the threat model of the defender. The countermeasures that the homeowner put in place were door and window alarms; they didn’t make a difference to this attack.

The article says they took half a million dollars worth of iPhones. I don’t understand iPhone device security, but don’t they have a system of denying stolen phones access to the network?

EDITED TO ADD (4/13): A commenter says: “Locked idevices will still sell for 40-60% of their value on eBay and co, they will go to Chinese shops to be stripped for parts. A aftermarket ‘oem-quality’ iPhone 14 display is $400+ alone on ifixit.”

Tags: , , ,

Posted on April 13, 2023 at 7:22 AM20 Comments

Comments

Donald van de Weyer April 13, 2023 7:53 AM

The security control for users – activating “Find My” – is not yet active for new, still unsold (boxed) iPhones. Would be interesting to know if Apple has an inventory of individual devices not yet sold that would allow them to identify missing/stolen devices. It’s certainly possible, but will take some effort – say a device can only be activated if it marked as ‘sold’.

Gunter Königsmann April 13, 2023 9:03 AM

If they know the serial numbers of the phones that were stolen (and I believe they do) the phones have already been converted to stylish paperweights.
But perhaps the thieves only wanted spare parts for repairs or find customers that believe the phones to be working.l even after they are connected to a network.

Bear April 13, 2023 9:19 AM

The iphones are permanently locked, though there are rumors of software that can unlock iCloud. I know it was possible to do it prior to the A12 but I don’t think there’s been anything widespread since.

Locked idevices will still sell for 40-60% of their value on eBay and co, they will go to Chinese shops to be stripped for parts. A aftermarket “oem-quality” iPhone 14 display is $400+ alone on ifixit.

Siffredi April 13, 2023 9:36 AM

don’t they have a system of denying stolen phones access to the network?

Yes. But that’s typically not covered by the returns policy of thieves and youthful degenerates.

Alan April 13, 2023 9:39 AM

Possibly Apple could render the phones useless. But the thieves also deprived Apple of the possession, use, and benefit of these phones. That is still theft, even if Apple is able to prevent the thieves from cashing in on their crime.

jbmartin6 April 13, 2023 11:35 AM

Apple might prefer not to disable phones in a mass theft like this. They have already lost the hardware, but they would then get a lot of calls from end users who bought an unopened iPhone in good faith (possibly) and then tell the end users the device is useless. It might make more sense to Apple to pursue the thieves but still bring the innocent end users into their ecosystem and avoid bad publicity.

carol a. April 13, 2023 11:41 AM

The countermeasures that the homeowner put in place were door and window alarms

Growing up, I had an alarm system and a cat, so I can understand how going through a wall would bypass such a system. But I think ours was just the minimal system that would let us save money on insurance (the default PINs were never changed, the second-storey windows weren’t connected, and there was no monitoring). If not for cheapness and the cat, it would’ve been entirely standard to install motion sensors. Why would an art collector or an Apple store not have them? I doubt the thieves heated these areas to body temperature and moved extremely slowly as in the film Sneakers.

Apple could presumably do more than deny network access: they could deny access to the app store and all software updates. But maybe the stolen phones are destined for the black market of a country whose network operators or governments are not friendly with Apple or where sanctions preclude an app store.

Matt April 13, 2023 11:44 AM

“The countermeasures that the homeowner put in place were door and window alarms; they didn’t make a difference to this attack.”

Were they silent chainsaws? Because while, yes, you can bypass a door by using an extremely loud device to break through a wall, it is an extremely loud device and people will notice it.

Stuart Ward April 13, 2023 11:48 AM

don’t they have a system of denying stolen phones access to the network?

The GSMA has operated a database of stolen IMEI numbers for many years. Some governments insist that network operators use this and don’t allow listed phones onto their network. But many networks do not subscribe to this and just let any phone with a valid USIM on the network.

You can check a phone here: https://devicecheck.gsma.com/rtlapp/index#

If you are offered a phone in a pub, dial *#06# to display the IMEI and enter it to see it is reported as stolen.

Stuart Ward April 13, 2023 11:49 AM

don’t they have a system of denying stolen phones access to the network?

The GSMA has operated a database of stolen IMEI numbers for many years. Some governments insist that network operators use this and don’t allow listed phones onto their network. But many networks do not subscribe to this and just let any phone with a valid USIM on the network.

You can check a phone here: https://devicecheck.gsma.com/rtlapp/index#

If you are offered a phone in a pub, dial *#06# to display the IMEI and enter it to see it is reported as stolen.

Yeggy April 13, 2023 12:31 PM

In bypassing a threat model, one of the problems is that the defender easily projects his own priorities onto an attacker (whose perspective is different).

One of the classic examples of that was the early stages of World War II, when the British defense of Singapore was set up to defend against a frontal naval attack (the way the British would attack), with heavy guns facing the sea, and heavy naval ships.

Unfortunately, for the British, the Japanese invasion started off with air attacks sinking the ships, and then infantry attacks from Malaya that came in from behind the heavy guns. The guns were never fired, and Singapore fell quickly.

Boris April 13, 2023 12:56 PM

Concerning “don’t they have a system of denying stolen phones access to the network”:

“Once upon the time” I worked for the Russian office of an international company. Our reception got a call from a person, who bought a new iPhone, but could not activate it, and iPhone showed the message to contact the office of , so he googled for contact details and called. We got the IMEI of the phone, contacted our global mobile management team, and discovered the IMEI was enrolled to MDM buy our office in Canada, and sent by mail to remote user’s home about a month ago. Never delivered, but not listed as stolen.

We recommended the guy to return the phone to seller, and also reported the situation to Canadian office for possible report of theft. But, if the phone wasn’t enrolled to MDM, it would be possibly activated successfully. Moreover, the thief would possibly have no problem with selling the loot to “grey zone”.

Clive Robinson April 13, 2023 1:01 PM

@ Bruce,

“My favorite example is a band of California art thieves that would break into people’s houses by cutting a hole in their walls with a chainsaw.”

I’ve commented before about the way many homes are built in the US.

People put bars/grills on windows and doors, but the walls are little more than “stud work” so you can just about kick your way through…

In other parts of the world homes are actually built of “bricks and morta” and you would require a lot of effort and noise to get through them.

In some places homes are made with “stone work” that can be blocks of stone more than a foot and a half thick.

Which is why my “favourite story” comes from Israel and I was told about it by a relative of the home owner back in the 1980’s…

The home owner was a senior person in a then well known Airline and had a luxury home to match their “status”. Set in quite a large patch of land the villa style home had solid stone walls and very secure and alarmed doors and windows. The owner was also a collector of modern art and had bought well thus had pieces that had significantly appreciated in value. Somehow professional thieves found out that the premises would be empty for a couple of “vacation weeks”. The thieves solution was not to go through doors, windows or walls. No they brought in a “cherry picker” and took the villa style roof off…

As far as I’m aware none of the stolen art ever turned up, and at the time it was assumed “stolen to order” for people outside of Israel and of sufficient status to not have to worry about “law enforcment” (Basically Russian mob / oligarchs).

It is known that there is very probably a significant amount of “stolen to order” art in various Chinese Cities… for the same reasons.

Art theft is a branch of crime that realistically can not exist without the forbearance of the national law enforcment agencies, because art can not be “broken up” and retain value unlike say luxury jewelry, cars, furs, mobile phones, etc and knowledge of arts existance and in who’s possession it’s in does leak out.

Erdem Memisyazici April 13, 2023 1:39 PM

There are better security measures than simply focusing on entrances. There also were thieves who cut through ATMs with torches successfully. As with any security measure it tends to be preventative after it’s become worth preventing.

&ers April 13, 2023 5:13 PM

My favorite example is this.

hxxps://web.archive.org/web/20070515125020/https://taosecurity.blogspot.com/2006/02/bears-teach-network-security.html

Sydney, Australia April 13, 2023 11:52 PM

Hinky thinking, as Bruce would say.
The sort of feat intelligence operatives are trained to perform.
What was once described as ‘cognitive ju-jitsu’.
Also practiced by stage magicians.

The article fufills the thieves objective by describing the loot as ‘…dollars worth of Iphones.’
These are not words many of us would use adjacent in one sentence.

The thieves know that Apple perceive their phones as valuable.
Thus they made the operation appear to be focused on the phones.

The thieves were far more interested in something of significantly greater value than the phones and of inestimably greater utility.

The piece of wall they removed for ingress.

Geoffrey Louis Nicoletti April 14, 2023 11:21 AM

I have said that the first priority of a supercomputer is not the weather, DNA, or nuclear physics; it is designing the replacement of that supercomputer. I asked ChatGPT to re-design a supercomputer….got an answer…and then chatGPT denied anymore access to me. From that context I look at bypassing threat models. One does not have to shut down the entire Internet. One only has to fire one bullet at the heart instead of 187 bullets to cover the entire surface of the human body. Imagine 1 mine in your 15 acre property…many not enough to keep you from your property walk but what if there are 5 mines? What percentage of the Internet under attack undermines all the rest of it? I spelled it all out for the NSA but I am terrified of the iterations of training GPT that can smash the wall of your well-protected house when you are away at Disney World. Misinformation? Malware? Forensics is not thinking deeply enough.

Jeff April 14, 2023 12:19 PM

Back in the 1970’s, I knew the local FBI agent. He told me about a bank branch that was broken into in the same way. This branch was in a modular building, essential a double-wide mobile home. One night, thieves took a chainsaw to the walls of the building, and were able to break in.

vas pup April 14, 2023 4:41 PM

But if stolen phone could not be used then disassembling and part usage is still viable option for thieves.
Same was with stolen high valued cars.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.