A complicated but worrying way to take over an iPhone user’s device and lock them out of it for good seems to be on the rise.
A recent story from the Wall Street Journal says that some iPhone thieves are using a security setting called the “recovery key” to make it hard for owners to get to their photos, messages, data, and more.
Some victims also told the newspaper that when thieves got into their financial apps, their bank accounts were drained.
But it’s important to keep in mind that this kind of takeover is hard to do. A thief has to either watch an iPhone user enter the device’s passcode, for example by looking over their shoulder at a bar or sporting event, or trick the device’s owner into giving up their passcode. And all of that is before they even steal the device.
From there, a thief could use the passcode to change the device’s Apple ID, turn off “Find my iPhone” so their location can’t be tracked, and then reset the recovery key, a complicated 28-digit code meant to protect its users from online hackers.
Apple needs this key to help a user reset or recover access to an Apple ID. This is to protect the user’s security, but if a thief changes it, the original owner won’t know the new code and will be locked out of the account.
“We feel bad for people who have been through this, and we take all attacks on our users, no matter how rare, very seriously,” an Apple spokesman told CNN. “We work hard every day to keep our users’ accounts and information safe, and we’re always looking into new ways to protect against threats like this one.”
On its website, Apple says, “You are responsible for keeping your trusted gadgets and recovery key accessible. If you lose both of these things, you could be locked out of your account for good.”
Jeff Pollard, VP and senior analyst at Forrester Research, said the company should offer more customer service options and “ways for Apple users to authenticate so they can reset these settings.”
For now, however, there are a few things that people can do that might keep this from happening to them.
Protect the Passcode
The first step is to keep the passcode safe.
CNN was told by an Apple representative that people can use Face ID or Touch ID to unlock their phones in public without giving away their PIN.
Users can also set up longer, more difficult-to-crack alphanumeric passwords. If the owner thinks someone else has seen the PIN, they should change it right away.
Screen Time Settings
Another option is a workaround that isn’t necessarily backed by Apple but has been going around the Internet. In the iPhone’s Screen Time settings, parents can limit how their kids can use the device.
Parents can also set up a backup password that would be needed by any user before they could change their Apple ID.
If this is turned on, a thief who wants to change an Apple ID password would have to enter this backup password first.
Back up Phone Regularly
Lastly, users can protect themselves by backing up their iPhones regularly, either through iCloud or iTunes, so that data can be recovered if an iPhone is lost or stolen.
At the same time, users may want to think about storing important pictures or other sensitive files and data in another cloud service, such as Google Photos, Microsoft OneDrive, Amazon Photos, or Dropbox.
This won’t stop a bad guy from getting into the device, but it should reduce some of the damage if that happens.