The Wall Street Journal’s Joanna Stern and Nicole Nguyen have delved into the nefarious world of passcode thieves in a comprehensive report published three days ago. The investigation sheds light on a disturbing trend of thieves surreptitiously spying on their victim’s iPhone passcode before snatching the device, thereby gaining unfettered access to sensitive data and finances.
If you are using an iPhone beware of the latest security issues
According to the report, all of the victims interviewed had their iPhones stolen while socializing at bars and other public places at night. Perpetrators deployed a range of tactics, with some forcibly grabbing the devices out of their victims’ hands, while others resorted to physical assault and intimidation to gain possession of the coveted devices. Specific examples of these harrowing experiences are documented in the report, underscoring the magnitude of the threat posed by passcode thieves.
The ramifications of passcode theft go beyond the loss of a device. In fact, a thief who gains knowledge of the iPhone’s passcode can manipulate the device in several ways. For instance, they can reset the victim’s Apple ID password through the Settings app, even if Face ID or Touch ID authentication is enabled. This allows the thief to turn off Find My iPhone, which prevents the owner of the device from tracking its location or remotely erasing it via iCloud. In addition, the thief can remove trusted Apple devices associated with the account, further locking out the victim.
The report also highlights another concerning outcome of passcode theft. By accessing an Apple ID’s contact information, the thief can set up a recovery key, effectively preventing the victim from recovering the account. The implications of this are far-reaching, as the thief can then use the victim’s Apple ID to access sensitive data, such as banking information or personal emails, and potentially cause irreparable damage.
The consequences of passcode theft are dire, as it opens the door to a range of criminal activities. Knowing an iPhone’s passcode grants a thief access to Apple Pay and Apple Cash, as well as banking apps whose passwords are stored in iCloud Keychain. Even if Face ID or Touch ID is enabled, passcode thieves can bypass these authentication methods and gain entry into the device.
The report reveals that passcode thieves can go a step further and exploit personal information stored on the device to open an Apple Card. For instance, by identifying the victim’s Social Security number from photos stored in apps like Photos or Google Drive, some thieves have successfully obtained an Apple Card.
Perhaps the most concerning aspect of passcode theft is the ability of the thief to gain access to other passwords stored in iCloud Keychain. This allows the thief to wreak havoc by potentially accessing email accounts and other sensitive information.
What’s Apple’s response?
In response to the report, an Apple spokesperson made the following statement:
“Security researchers agree that iPhone is the most secure consumer mobile device, and we work tirelessly every day to protect all our users from new and emerging threats. We sympathize with users who have had this experience and we take all attacks on our users very seriously, no matter how rare. We will continue to advance the protections to help keep user accounts secure.”
Apple did not provide any specific information regarding potential future security measures.
Stern suggested in a tweet that Apple offer additional iOS security measures and Apple ID account recovery alternatives.
This is a story about crimes happening across the country, but this is also about how Apple has put so much power in the passcode. That single string of digits allows a thief to:
🔴 Change an Apple ID password
🔴 Access iCloud keychain passwords
🔴Use Apple Pay (🧵2/7)— Joanna Stern (@JoannaStern) February 24, 2023
How to protect yourself from passcode thieves?
In response to the threat posed by passcode theft, tech journalist Joanna Stern took to Twitter to offer some practical advice to iOS users. One of the most effective ways to safeguard against passcode theft is to switch from a four-digit passcode to an alphanumeric passcode. This makes it more difficult for thieves to spy on the passcode, thereby reducing the likelihood of a successful theft. Users can change their passcode in the Settings app under Face ID & Passcode > Change Passcode. You can also visit our guide to learn more about the passcode settings.
Another effective strategy is to rely on Face ID or Touch ID as much as possible when in public, as this reduces the need to enter the passcode manually. In situations where passcode entry is necessary, users can hold their hands over the screen to obscure the passcode from prying eyes.
It is also advisable for users to consider storing bank account passwords in a password manager that does not rely on the device’s passcode. This adds an extra layer of protection, making it more difficult for thieves to gain access to sensitive financial information.
By taking these simple steps, users can protect themselves against the rising threat of passcode theft and ensure the security of their personal information.