Today’s in-depth story by Joanna Stern and Nicole Nguyen of The Wall Street Journal shows cases of burglars spying on a victim’s iPhone passcode before taking the device to get access to the device, data, and money.
All of the victims interviewed reported that their iPhones were stolen while they were out late at night in bars and other public areas. Some victims reported having their iPhones snatched away by strangers, while others reported being physically assaulted and harassed. The study includes examples of these occurrences.
Even if Face ID or Touch ID is enabled, a thief can quickly reset the victim’s Apple ID password via the Settings app if they know the iPhone’s passcode. The thief can then disable Find My iPhone on the device, preventing the owner from tracking the device’s location or wiping it remotely via iCloud. Additionally, the thief can delete other trusted Apple devices from the victim’s account to further shut them out.
The thief can also alter an Apple ID’s contact information and create a recovery key to prevent the victim from regaining access to the account.
In addition, a burglar who knows an iPhone’s passcode can use Apple Pay, send Apple Cash, and access financial apps using iCloud Keychain-stored credentials. Even if Face ID or Touch ID is enabled on an iPhone, thieves can easily circumvent these authentication mechanisms and are given with the option to enter the device’s passcode. In certain instances, the study states that criminals opened Apple Cards by locating the final four digits of the victim’s Social Security number in images stored in apps such as Photos and Google Drive.
Access to other passwords kept in iCloud Keychain enables the thief to wreak additional damage by granting them access to email accounts and other sensitive data. Overall, the report indicates that thieves can “take your complete digital existence.”
In reaction to the findings, an Apple representative stated, “Security researchers concur that the iPhone is the most secure consumer mobile device, and we work relentlessly every day to safeguard all of our users from new and emerging threats.”
The representative continued, “We sympathize with users who have had this experience, and we take all attacks on our users, no matter how infrequent, extremely seriously.” We will continue to enhance the safeguards that help maintain the security of user accounts. Apple did not provide any specific information regarding potential future security measures.
Stern suggested in a tweet that Apple offer additional iOS security measures and Apple ID account recovery alternatives.
How to Stay Protected
Stern suggested in a tweet that users convert from four-digit passcodes to alphanumeric ones, which would be harder for burglars to decipher. This may be accomplished in the Settings app by selecting Face ID & Passcode Change Passcode.
iPhone users can also utilise Face ID or Touch ID in public as frequently as possible to avoid thieves from stealing their passcode. In cases where inputting a passcode is required, users can cover their screen with their hands to conceal entry.
Consider storing the password for a bank account in a password manager that does not utilise the device’s passcode, such as 1Password.