Apple iPhone security feature locks victims out of their stolen phones

One iPhone feature is enabling thieves to break into stolen iPhone units looking to drain money from users' bank accounts and blocking victims from finding their stolen devices. The Wall Street Journal today reports how a feature on the phone called the recovery key has been a tool used by bad actors and helps lock legitimate iPhone owners out of their handsets. The Journal mentioned how Greg Frasca, an iPhone owner, has been locked out of his phone since October.

Frasca said that he would be willing to fly to Apple's headquarters in Cupertino and bring proof of his identity. He also said that he would pay $10,000 to get control of his iPhone back. That's because the phone has eight years of photos of his daughters. What happened to Mr. Frasca is something that has occurred to too many iPhone users. Thieves stole his iPhone 14 Pro at a Chicago bar and used his passcode to change Frasca's Apple ID password. But they made sure that Greg would never be able to regain control over his stolen iPhone by enabling the recovery key.

The recovery key was launched by Apple in 2020. When the feature is enabled, the randomly-generated 28-digit "recovery key" needs to be provided when a user changes his Apple ID password. But if an iPhone is stolen and in the possession of the bad guys, enabling the recovery key will lock out the legitimate owner of the purloined phone. And without that recovery key and the phone, there is nothing that Frasca can do.

An Apple spokesman says, "We sympathize with people who have had this experience and we take all attacks on our users very seriously, no matter how rare. We work tirelessly every day to protect our users' accounts and data, and are always investigating additional protections against emerging threats like this one."

The security key is generated on an iPhone and iPad by following these directions:

Keep in mind that when you generate a recovery key, you cannot use account recovery to get back into your Apple account. With account recovery, a user can reset his Apple ID password even if he/she doesn't have enough information to do so. With the recovery key, an iPhone owner whose device has been stolen or lost can remotely change his/her Apple ID password by using the recovery key, a trusted phone number, and an Apple device.

But even Apple admits that losing the recovery key means "you could be locked out of your account permanently." And crowded bars are the perfect spot for these crimes to be committed. Frasca, like many victims of phone theft, had his iPhone stolen at a bar where there are so many eyes looking around trying to sport a user's passcode. Once the passcode is stolen, the thief figures out a way to steal the phone itself.

With the passcode and the phone, the thieves can turn on the recovery key and lock out the legitimate owner. And if the security key has already been generated, a new one can be created. Either way, the iPhone owner cannot get back into his account. Or should we say the owner is not supposed to get back into the account, but one did.

Terry Allen had his iPhone 13 Pro stolen last summer in New York and like Mr. Frasca, his phone contained important pictures of relatives. After calling Apple for months, he finally came across a sympathetic Apple rep who asked other questions to verify Allen's identity. Apple disabled the security key and Mr. Allen was able to change his password. "I just got lucky," he said, but he now backs up his photos.

There are some suggestions such as using a complex passcode in case you can't use Face ID. This can be done by going to Settings > Face ID & Passcode > Change Passcode. The best suggestion is to hold on to your security key and your phone.