Apple's iCloud syncs stolen iPhone photos to nab thief

Filed Under: Apple, Data loss, Featured, iOS, Law & order, Mobile, Privacy, Social networks

Creative Commons photo of Disney's Wonder cruise ship courtesy of Justin ChampionKaty McCaffrey *had* an iPhone. Until it was stolen aboard the Disney cruise ship Wonder on her April vacation. What to do? As is frequently the case these days, the cloud holds the answer.

After returning home sans iPhone, McCaffrey discovered that photos were showing up in her Apple iCloud account from her missing device.

Taking advantage of the openness of social media and the ability for average folks to get the word out McCaffrey decided to post the photos to Facebook in an attempt to identify the thief.

Titled "Stolen iPhone Adventures" McCaffrey posted humorous captions on the photos allegedly being posted by a crew member named Nelson. The media caught wind of the story and tens of thousands flocked to the page bringing it to the attention of Disney.

It is unclear whether Nelson was in fact the thief, or if he simply purchased the stolen phone from someone else on board the ship. It isn't looking good for him at the moment though.

A Disney spokesperson told USA Today that they had recovered the phone and have placed the crew member on administrative leave and restricted him from guest areas on the ship.

The spokesperson also stated "We have a zero-tolerance policy for this type of behavior, We are taking aggressive action."

This story does raise some legitimate concerns about smartphone safety however. If your phone is stolen, you should immediately report it stolen and cancel the service to prevent the thief from racking up a large cellular phone bill.

Find my iPhoneMcCaffrey clearly was using Apple's iCloud service, so why did she not take advantage of the remote lock/remote wipe service that is part of iCloud?

Playing amateur detective rarely works out the way it appears to have this time and even without the photos the "Find my iPhone" app would likely have allowed law enforcement to locate the thief.

It would also appear that McCaffrey did not bother to secure her phone with a password. Last summer 70% of smartphone users admitted to not using a passcode in a Sophos survey.

The good news? McCaffrey will get her iPhone back and the thief will be investigated for the crime.

The lesson? Don't take chances like McCaffrey. While this story may be entertaining, you are far better off to secure your device, ensure your data is erased if it's stolen and take advantage of our free mobile security toolkit.

Creative Commons photo of Disney's Wonder cruise ship courtesy of Justin Champion.

, , , , , , ,

You might like

23 Responses to Apple's iCloud syncs stolen iPhone photos to nab thief

  1. Alex W · 1228 days ago

    Is this a bit of Apple PR to counteract the recent story of 10 police officers wasting a day trying to find a stolen iPhone with "Find my iPhone" software enabled?

  2. lia · 1228 days ago

    why would he buy a phone on ship
    he works on ship
    hes a piece of fk!ng sh!t

  3. Not entirely feasible to use remote wipe since doing so will remove you account from the phone - rendering find my iphone useless.

  4. luis · 1228 days ago

    "Find my iPhone" app would likely have allowed law enforcement to locate the thief.
    -Police Department says its out of reach most of the time. IDK why

  5. crimson · 1227 days ago

    The lesson? Don't take chances like McCaffrey. While this story may be entertaining, you are far better off to secure your device, ensure your data is erased if it's stolen and take advantage of our free mobile security toolkit.

    --- nice... using this as an opportunity to sell your product eh ? clearly it seems that Icloud Works..

    • every time Sophos suggest someone using their FREE software someone tries to claim it a sales pitch. erm hello? you are on their webpage, they are a company, they sell stuff ... BUT in this case they are giving something away for free. Stop whining and be thankful (I have the free android app on my phone, thanks Sophos!)

  6. Derrick · 1227 days ago

    hmm... at least it is a FREE mobile security toolkit!! :)

  7. Rich · 1227 days ago

    I think the whole tone of this article is absolutely lame and disappointing. Sophos is probably the only non real person's postings that I read. This one just comes off as a douchebag sales pitch.

    • Nigel · 1227 days ago

      "...sales pitch."

      What part of "free" don't you understand?


      Spending a little too much time in front of the mirror, are you?

  8. Jon Fukumoto · 1227 days ago

    I have the Find My iPhone App installed on my iPhone. Prior to going out, I do the folllowing:

    1. Do a backup
    2. Use a complex password to unlock the phone
    3. Enable restrictions and do the following:
    A. Turn off iTunes
    B. Disable the ability to turn off the Location Services
    C. Disable the ability to make changes to my email, Calendars, and iCloud
    D. Disable In-App purchases
    E. Disable the ability to install and delete Apps
    F. Require the password to be entered for each purchase
    I also log out of iTunes. Once I do the above, my iPhone is secure. The Location Services must be enabled in order for a stolen iPhone to be located. Don't be one of those 70% who don't secure their
    smartphone. If you love your smartphone, love it enough to secure it with a complex password.

    • LAHeat · 1226 days ago

      After doing all that - why have an iPhone?

      • NetD · 1224 days ago

        Why does securing your iPhone remove the notion of owning one? You should only own one if you leave it open to the world for the taking...? I don't understand your logic or thinking at all.

  9. yup · 1227 days ago

    Yeah, yeah, sure, unfortunately McCaffry DID find her iPhone, thanks to those pics, despite the fact that she might have exposed all of her phone book and personal data to the thief. Maybe those data are of marginal value to her, as opposed to the value of her iPhone.

    Would your free mobile security toolkit do the same? Pardon my frankness, but I seriously doubt so.

    • njorl · 1227 days ago

      Marginal value to her, but what value to her contacts are their own contact details?

      Other people may be less willing to share their 'phone numbers, e. mail addresses, etc., with her, now they know where protecting their confidentiality sits in her priority stack.

  10. yup · 1227 days ago

    @Rich: nope, that is real news.

  11. Jack · 1227 days ago

    Maybe you don't have the problem that we do in the US, many people get hurt trying to find some inanimate object. Say the person did this all the time and did sell the phone to the ship person. How do you know it's (the thief) also not a murderer? This happens a lot, where we don't think anyone would kill over something stupid, it does happen. Now with "social" media, you can deduce many things from a Facebook page, including where a person might live. When people kill, sometimes it's for virtually nothing. Don't make that mistake, let the police handle it, they are prepared and have information on this person if it's a repeat offender.

    I didn't take it as a plug, I enjoyed it even if somewhat unusual.

  12. rich · 1227 days ago

    @yup I know it was real.. I was very coincidentally on that cruise. I'm only complaining about how this article centralized on how dumb she was while giving off such an obvious underlying sales pitch. It could have been treated more like news than that.

  13. A. McMillan · 1227 days ago

    When I got my smartphone, at the top of my list of apps to find and install was Lookout. I actually hadn't ever heard of it until about a week or two before our phones arrived. I do have a lock on my phone. But I feel much better knowing I also have something to scan the apps regularly and if the phone is stolen and the lock is cracked, I can log on from elsewhere and shut the whole thing down. It's genius.

  14. Patrick · 1225 days ago

    This is why I like Lookout on Android. Remote wipe, location service, and the ability to make the phone scream remotely. Figure if you leave it a 711 or something, GPS says it's there, store says its not. Hit the scream button and laugh as the clerks pocket rings. I do wish Android had the password to make purchases like Apple, my kids worry me when they play games in the car.

    • while the password can be switched on and off easily - you can set a password to stop accidental purchases on Android. i use it myself.

  15. Henry · 988 days ago

    I live in Ontario Canada and I had a fellow on my phone for 20 minutes trying to get me to buy software to help me fix my computer. Yes i believed they were legit at first cause i have beem having problems with my computer. They said they were from Microsoft and my comp. was sending out malicious files that were jaming Microsoft servers. I allowed them to take over my computer and they showed me all these curupted files and it even showed that i was hacked 4 times. Ok they finaly started their selling pitch to fix everything for $299.00 This was to be a lifetime free of anymore problems and also that I required to purchase a windows license cause mine was running on Grace time and about to expire because I had corupted their servers at Microsoft. All that was included in the fee.

  16. Henry · 988 days ago

    Continued from above!
    I began to question their athenticity and that I have never heard of anyone requiring a windows licence. He even told me that if I did not get this resolved that I would never be able to run a windows computer. I said I would clean my computer up and he said that wether I cleaned it or even went out and bought a new one, once I registered it with microsoft the computer would start messing up soon after because I no longer had a valid Windows Licence. I asked them for a phone number and said I would get a hold of Microsoft to verify the call and its legitamncy. He just got more agressive into trying me to give him my credit card so that he can start fixing my computer. i finally got off the phone turned off my computer. Well here I am and not lost a penny thank goodness. Please pass this on to others! I will.
    Henry Jan. 18 2013

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on as Chester, Chester Wisniewski on Google Plus or send him an email at