Offline thieves are using a low-tech trick to take over iPhones

Offline thieves exploiting iPhone vulnerability to steal money and data
Apple may have a lot of safeguards in place to prevent cyber criminals from breaking into your iPhone, but offline criminals appear to have found a way to outsmart the company.

The Wall Street Journal reports that thieves across America are using a low-tech trick to swindle iPhone users out of their money. The iPhone passcode and password, which are numeric and alphanumeric codes required for user authentication, and the possession of an iPhone are integral to this crime.

What happens is that a criminal or group of criminals tries to find your passcode. They employ various mechanisms to do this, such as simply observing you from a distance or tricking you into revealing your passcode by befriending you in a cafe or a bar, taking your phone to snap a photo, and turning it off.

Once they get to know the passcode, they simply snatch the victim's iPhone forcibly. In some cases, iPhone users were also drugged. This resulted in the death of one victim. 

With the passcode known and a stolen iPhone in hand, criminals need mere minutes to block you from ever accessing your Apple account and everything attached to it, such as photos and contacts. They usually disable Find My iPhone to make it impossible for you to locate your phone and remotely wipe data. The next step is draining your financial accounts.

The passcode is a gateway to your Apple account, data, and money


Criminals use the victim's passcode to change the Apple ID password, which blocks the victim's access to the account and everything stored in iCloud. Since the passcode also unlocks access to other passwords stored on a device, it grants thieves access to financial apps and services like Apple Pay, Venmo, and banking apps.

Victims had thousands of dollars stolen from them, and some said Apple credit cards were opened in their name. The last four digits of the Social Security number are required for this, but this information can be found in the Photos app if the victim's phone has photos of sensitive documents.

A criminal can very well target Android phone users the same way, but the higher resale value of iPhones makes them a more lucrative target.

WSJ says that most victims they spoke to went to the police and had their money refunded by banks and financial apps.

Many have not been able to recover their Apple ID


It's possible for thieves to change the backup email and phone number associated with an Apple ID and generate a recovery key to disable account recovery. Account recovery is a process that helps users get back into the Apple ID account when they don't have the required information to reset the password.

Apple's policy doesn't allow users back into an account if a recovery key is enabled. They also can't produce one for you.

Apple offers sympathy to affected users



The spokeswoman pointed out that using Face ID and Touch ID can help you protect yourself from such incidents.
