According to a detailed analysis by Joanna Stern and Nicole Nguyen in today’s Wall Street Journal, burglars have been known to steal an iPhone by monitoring the victim’s Passcode to access the device, data, and money.
All of the victims who were interviewed claimed that their iPhones were taken while out having fun at bars and other public locations late at night. Some victims said that strangers took their iPhones from their hands, while others claimed they were physically abused and threatened. The report gives precise instances of these occurrences.
Even if Face ID or Touch ID is turned on, a thief accessing the iPhone’s Passcode can quickly reset the victim’s Apple ID password in the Settings app. The thief can disable Find My iPhone on the target device, preventing the owner from tracking its whereabouts or remotely wiping it via iCloud. The thief can delete additional trusted Apple devices from the account to shut out the victim.
A recovery key can be set up, and the thief can change the contact information for an Apple ID to prevent the victim from getting their account back.
The situation worsens because someone who knows an iPhone’s Passcode can use Apple Pay, transmit Apple Cash, and access financial apps using passwords saved in the iCloud Keychain. The option to enter the device’s Passcode is displayed, and even if Face ID or Touch ID are activated on the iPhone, thieves can still overcome these authentication mechanisms. The research alleges that in some instances, attackers could access an Apple Card by discovering the victim’s last four Social Security numbers in photographs kept in Google Drive or Photos apps.
The thief can cause more damage if they have access to additional passwords kept in iCloud Keychain since they may also have access to email accounts and other sensitive data. According to the research, thieves can “take your entire digital existence.”
According to an Apple spokeswoman, who responded to the study, “security researchers agree that the iPhone is the most secure consumer mobile device, and we work relentlessly every day to safeguard all of our users from new and emerging threats.”
The spokesman continued, “We sympathize with users who have gone through this, and we take such attacks on our users extremely seriously, no matter how seldom.” “We will continue improving the safeguards to assist in maintaining the security of user accounts.” Regarding any upcoming security-related actions, Apple did not offer any specifics.
Stern tweeted that Apple strengthened iOS security and provided more ways to retrieve an Apple ID account.
Stern advised users to convert from a four-digit passcode to an alphanumeric one in a tweet because it would be harder for criminals to eavesdrop. You can do this by selecting Face ID & Passcode Edit Passcode in the Settings app.
To prevent burglars from monitoring their Passcode, iPhone owners should utilize Face ID or Touch ID as frequently as possible when in public. Users can cover their screens with their hands when inputting a passcode is required to prevent prying eyes from seeing it.
Consider using a password manager like 1Password, which doesn’t require the device’s Passcode, to save the password for a bank account.