Two moves to lose control of iPhone and all life and how to avoid it

Two moves to lose control of iPhone and all life and how to avoid it. Two simple steps are enough to lose control of your life. Just be careless with iPhone and you’re done. This is the gist of the story told by the Wall Street Journal and which should serve as a warning to all of us.

iPhone 15 Pro Max, rendered with a slimmer camera hump

In an article, the American financial newspaper reminds us how easy it is for an attacker to bury all the security systems of the Apple phone. It is enough to exploit an imprudence of the designated victim to get his hands on all the contents of the telephone and therefore do every possible and imaginable damage: from stealing money from the current account to potentially entering the victim’s home to rob or threaten him.

The WSJ has put together a terrifying and cautionary investigation, investigating exactly how thieves can steal users’ phones and then do anything with the device after it’s stolen.

One of the easiest ways starts from spying on the unlock code. The attacker lurks in a bar, becomes familiar with the victim and with the excuse of asking for a selfie, for example, makes the victim type the unlock code on the phone. Once you peek at the lock code, which is often easy for the sake of convenience, you somehow snatch the phone and that’s it: two moves and your life is in someone else’s hands.

With the device in hand and the code in mind, the thief unlocks the device, opens Settings, taps on the user’s iCloud account, chooses “Password and security” and then “Change password”. Before allowing the password to be changed, the device requests the unlock code but this is already known to the thief who can then easily change the password.

At this point the phone is vulnerable: it can be restored as new but before that, access a whole series of apps on the device (bank apps, social apps, photos, etc. etc.). It should not be forgotten that iPhone is also used as a key, in some rare cases of the car, in other cases of the house (thanks to smart locks). At that point, one can imagine the criminal migrating to the victim’s home and entering his home for a theft or even a robbery.

The Wall Street Journal reporter interviewed several victims affected by this type of crime; some report that the password change to their account took place in a matter of minutes, which in many cases prevented them from locking the device from a different phone using the “Where is” feature of iCloud.

In Minnesota, a criminal ring specialized in this type of theft has been identified, made up of people who are involved in soliciting the victims, and other people who behind the back of the victim eyed the codes to unlock the phone.

How to avoid this type of theft?

The advice to avoid this type of theft is simple: use Face ID or Touch ID if possible (it does not require entering any code) and use a very long unlock code or an alphanumeric code as an alternative.

If a simple passcode is set on your phone, it is a good idea to change it as soon as possible by going to Settings > Face ID & Passcode > Change Passcode > Passcode Options. The “code options” allow you to create an alphanumeric code (with letters and numbers) that is decidedly more complex to be identified at a glance by the potential thief or his accomplices.

An Apple spokeswoman answered questions from The Wall Street Journal about the theft issue, explaining: “We stand in solidarity with users who have had this experience, and we take all attacks on our users very seriously, no matter how rare they may be. The thefts described are uncommon and require multiple physical steps, and stealing the user’s device is not enough.” And again: “We will continue to improve the protections to keep user accounts safe”.

  1. Among the WSJ’s recommendations for this type of problem:
  2. When possible do not use unlock codes in public but only Face ID or Touch ID
  3. Cover your phone screen with your hand when entering the unlock code in the presence of people
  4. Use an alphanumeric unlock code and NOT simple 4 or 6 digit codes

Remove account passwords that allow access to sensitive information from iCloud Keychain, or use a separate password manager that requires something other than an unlock code to access passwords.

Among the suggestions for Apple: provide for an additional form of protection before allowing the Apple account password to be changed from the device, integrate additional security measures for access to the Keychain and provide new options for restoring the account.

Leave a Reply