MediaBizTech

Frankly I’m surprised any lost phones make it back to their owners at all.

Last week I found a phone on a train. It was well after 11pm and with few people around, I took the phone home, aiming to try tracking down the owner myself, else hand it in to a staffed office.

Find him I did, but the whole exercise made me really wonder how any lost iOS devices ever get returned (assuming they haven’t been stolen).

I made a short film about what happened …

… but I want to use this post to detail a little more about how it was done.

I’d been on the train since it started in Brighton, and was walking up through the carriages after we left Clapham Junction when I found the phone, so I’m guessing that’s where the owner got out in a hurry.

It was an iPhone 4S, lying on the edge of a seat . There wasn’t anyone else in that part of the carriage. It was in flight mode, so the ‘Find my iPhone’ function would have been inoperable.

I don’t have an iPhone, but I’m prepared to bet there are lost property rooms packed with dozens of lost iPhones/Pads all over the world, particularly in airports and train stations.

They are unable to be reunited with their owners because Apple’s security features make it impossible and the owners themselves haven’t planned for their possible loss.

Here are the issues:

The lockscreen

This is the first hurdle most people will fall at. Unless you know the code, you can’t get into the contacts to start ringing obvious numbers, eg. Home, or Mum/Dad.

The simplest thing here is to take a photo of your contact details and use this as your lockscreen wallpaper. It’s in the Settings menu.

I don’t know anyone who alters this.

There were a couple of other things I thought were worth trying before resorting to phone hackery.

SIM card details

I removed the SIM card and tried it in another phone. ‘Find my iPhone’ wasn’t running, but if the SIM was still enabled, the owner would hopefully try to ring their phone.

Alas, the AT&T SIM was either blocked already, or had never been enabled for the UK phone network. I also had a look for any contacts that were saved on the SIM. Nothing there either.

The hack

Now the technical bit.  Getting past the passcode is boringly unsophisticated. It’s a brute-force attack where your computer runs through every possible 4 digit combination and then tells you what the code it. It takes about 30 minutes, max.

I used the Gecko iPhone Toolkit for this.  This exploits a previous iPhone vulnerability, so you must also put the phone into firmware update mode and inject an earlier version of the firmware into the device.

The beauty of this hack is that it maintains all the existing phone data.

Once I had the code, I was immediately able to see the owner’s Facebook and Twitter accounts, so I contacted him on both.

@warrenpacific Hopefully you were feeling lucky today … I’ve found your phone! It’s missing its owner too, so msg me 🙂

— R Freeman (@robf) July 15, 2013

In the contacts. I found a number for Mum/Dad. I also saw the phone did have the icon for Find my iPhone, so I turned off the flight mode and connected the phone to my own Wifi, so the phone could start signalling home.

Finally I flicked into the Email, to find that address too. Here I struck lucky.  With Wifi now on, the phone updated the inbox and the first message to pop in there was the copy of the online form the owner had filled in with the railway company.

It had a UK number in there as a contact point. Bingo!

I rang the number, and learned that unfortunately the owner was on a plane back to the USA, but his friend Nick, (who handily lived on the same tube line as me) would come and get it straight away.

So I found the phone at 2300 on a Sunday night, and it was in Nick’s hands by 1800 on Monday. Warren, the owner got it back later that week and was mightly pleased.

For the rest of us – plan for loss

I firmly believe that most people would do the right thing and try to get the phone back to its owner. But good grief, how many people would be as geeky as me?

I suspect many phones, even finding their way to an official lost property office, just languish there.

If you have a smartphone, take a look at it and think how anyone would get it back to you if you lost it. Why not put your contact details on the lockscreen right now?

iOS users can do this by replacing their lock screen wallpapers (screenshot above) .

Android users go to Settings > Lockscreen > Owner Info (if you have Jellybean).

Settings > Security (if you have Ice Cream Sandwich).

I always invite comments, or you can tweet me @robf.