A concerning trend is emerging where iPhone thieves employ a complex method to take control of a user’s iPhone, permanently locking them out of their own device.
According to a recent report by The Wall Street Journal, some iPhone thieves are exploiting a security setting known as the recovery key. This manipulation makes it nearly impossible for owners to access their photos, messages, and other data. Some victims even reported financial losses as the thieves gained access to their bank accounts through financial apps.
It’s crucial to understand that executing this type of takeover is challenging. It requires the criminal to either observe an iPhone user entering their passcode, for example, by looking over their shoulder at a public place, or manipulate the device’s owner to share their passcode. All of this occurs before physically stealing the device.
Once in possession of the passcode, a thief can change the device’s Apple ID, disable “Find my iPhone” to prevent location tracking, and reset the recovery key—a complex 28-digit code designed to protect owners from online hackers. Apple requires this key to reset or regain access to an Apple ID, enhancing user security. However, if a thief changes it, the original owner won’t have the new code and will be locked out of their account.
Apple acknowledged these incidents, stating, “We sympathize with people who have had this experience and we take all attacks on our users very seriously, no matter how rare.” The company emphasized its commitment to continuously enhancing user account and data security.
To protect against such scenarios, users can take specific steps:
Protect the Passcode
Utilize Face ID or Touch ID in public to avoid revealing the passcode. Consider using a longer, alphanumeric passcode that’s more challenging for unauthorized individuals to decipher.
Screen Time Settings
Although not officially endorsed by Apple, users can explore a workaround within the Screen Time settings. By setting up a secondary password, a thief would be required to enter it before changing an Apple ID password.
Regularly back up the iPhone using iCloud or iTunes. This ensures data recovery in case of theft. Consider storing essential files in other cloud services like Google Photos, Microsoft OneDrive, Amazon Photos, or Dropbox for an additional layer of security.
While these measures won’t prevent unauthorized access, they can help mitigate the potential fallout if such an incident occurs.