The passcode that iPhone users use to unlock their devices is now making it simple for thieves to steal their data and money in public areas.
Use of a low-tech trick:
According to The Wall Street Journal, thieves are using a remarkably low-tech trick: they watch iPhone owners tap in their passcodes, then steal the phones and, with them, their targets’ digital lives.
A 31-year-old senior economist at a workforce intelligence startup had her iPhone 13 Pro Max stolen from a bar in Midtown Manhattan. She lost all the photos, contacts, and notes on the device, and within a day, about $10,000 had disappeared from her bank account.
As per the report, a thief needed only the iPhone and its passcode to quickly change the password for the iPhone owner’s Apple ID. This would prevent the victim from accessing their account or any iCloud data. “The thief can also often loot the phone’s financial apps since the passcode can unlock access to all the device’s stored passwords,” it added.
The software offers an option to force other Apple devices, like Macs or iPads, to sign out of the Apple account after the password change is complete, preventing the victim from using those devices to regain access.
The Apple software never asks the user to enter the old password before setting a new one. The new password allows the thief to turn off Find My iPhone, which in turn enables the thief to sell the stolen iPhone.
Apple’s response to these incidents:
An Apple spokesperson said that iPhone is the most secure consumer mobile device, and “we work tirelessly every day to protect all our users from new and emerging threats”. “We sympathise with users who have had this experience and we take all attacks on our users very seriously, no matter how rare,” the spokesperson was quoted as saying.
“We will continue to advance the protections to help keep user accounts secure.”
Nearly all the victims had their iPhones stolen while they were out late at night socializing in public places, pubs, and bars. In each case, the iPhone owners’ access to their Apple accounts was blocked.
“They then discovered thousands of dollars in financial thefts, including some combination of Apple Pay charges, drained bank accounts linked to phone apps and money taken from PayPal’s Venmo and other money-sending apps,” the report elaborated.
The same flaw exists in Google’s Android mobile operating system, but iPhones are “a far more common target” due to their higher resale value, according to law enforcement officials.
“Our sign-in and account-recovery policies try to strike a balance between allowing legitimate users to retain access to their accounts in real-world scenarios and keeping the bad actors out,” a Google spokesperson was quoted as saying.
Apple recently made it possible to secure the Apple ID using hardware security keys, which are tiny USB dongles.