In brief: For all the advanced, complicated ways that thieves can access the troves of sensitive data on our phones, the simplest method remains the most effective: discover a victim's passcode before physically stealing the handset. A number of these crimes have taken place recently with iPhone users being the main targets, leading to a response from Apple.
The Wall Street Journal's Joanna Stern reported on the spate of iPhone thefts that have resulted in victims being locked out of their accounts. There have also been instances of money being stolen via cash apps, ID theft, Apple Pay being used, and more.
The victims said their iPhones were stolen while socializing, usually at bars. Working in groups, the criminals would befriend targets and ask them to open an app such as Snapchat on their phones, attempting to observe their password as it's being entered. Sometimes, another gang member would discreetly video the password as the user taps the screen. Once they have the code, the iPhone would be stolen and all its contents accessible.
Not all the crimes happened this way. Some victims were physically assaulted and forced into handing over their phones and passcodes. There were also cases of people being drugged, waking up the next morning with no phone or memory of the previous night.
Knowing someone's passcode grants criminals full access to an iPhone; it can even be used to bypass TouchID or FaceID. Thieves can use the codes to reset someone's Apple ID password, locking victims out of their accounts if they try to access them from a different device. They can also turn off Find My iPhone, preventing it from being located or someone deleting its contents via iCloud. Apple ID contact information can also be changed, and recovery keys set up. As The WSJ notes, Apple's policies don't allow users to regain access to their account if a recovery key is enabled and they can't produce it.
Some victims reported that their apps had been accessed using iCloud Keychain – one person had more than $10,000 transferred from their bank accounts. Thieves were also able to use two-factor authentication when required. There were even cases of Apple credit cards being opened in victims' names and accruing thousands of dollars by finding the phone owner's last four digits of their Social Security number in photos.
We also have suggestions for Apple, including
— Joanna Stern (@JoannaStern) February 24, 2023
"' Add extra protection to iOS to change an Apple ID password
"' Add stronger password protection to iCloud keychain
"' Add additional account recovery options
(🧵6/7)
Apple responded to The Wall Street Journal report by noting that "security researchers agree that iPhone is the most secure consumer mobile device, and we work tirelessly every day to protect all our users from new and emerging threats."
"We sympathize with users who have had this experience and we take all attacks on our users very seriously, no matter how rare," said a spokesperson. "We will continue to advance the protections to help keep user accounts secure."
There are several recommendations for avoiding becoming a victim of this crime: use FaceID or TouchID whenever possible, switch to an alphanumeric passcode that's harder to decipher while it's being entered, and if you do have to type in a code, try to hide the screen with your other hand.
