Reading through this and those links this seems like a significantly harmful vulnerability that’s being actively exploited.
I can’t imagine many people who _wouldn’t_ give up their phones passcode at gunpoint.
What options do we have to protect against this?
If your life is threatened a dummy passcode is likely to aggravate and make things worse.
Would MDM enrolment help here?
What are the gains here for the thieves?
Hardware that can be sold when unlocked, which needs iCloud changed — which the OP points out can be changed with just the device passcode.
Apps with FaceID (ie maybe your bank) would be safe, but they could also just force you to look at your phone.
Could there be a default 1 week countdown for removing activation lock? And automatically enable and broadcast via find my iPhone during that time?
The particular attack vector mentioned in the original post could be mitigated by not allowing users to change their iCloud password from their unlocked mobile devices without either additional Face ID verification or entering their current iCloud password.
Furthermore, the ability to log yourself out from all other devices seems more harmful than useful, too. Other than all of my other devices having been stolen, what's the potential use case here? If my iCloud password has been compromised but I still have a device that password is currently used on, why wouldn't I be want to still be logged in on that device for the time being?
Other than that, some alternative way of remotely wiping and bricking a stolen could be helpful and might work as a deterrent for thieves, too. For example, similar to how 1Password does this, Apple could allow their iCloud users to generate a master key that would authenticate in such a situation and authorize them to carry out such actions.
I can’t imagine many people who _wouldn’t_ give up their phones passcode at gunpoint.
What options do we have to protect against this?
If your life is threatened a dummy passcode is likely to aggravate and make things worse.
Would MDM enrolment help here?
What are the gains here for the thieves? Hardware that can be sold when unlocked, which needs iCloud changed — which the OP points out can be changed with just the device passcode.
Apps with FaceID (ie maybe your bank) would be safe, but they could also just force you to look at your phone.
Could there be a default 1 week countdown for removing activation lock? And automatically enable and broadcast via find my iPhone during that time?