A newly published report highlights a new phenomenon in the world of iPhone theft: thieves spy on victims’ phone numbers before stealing devices, with the aim of gaining access to their personal data, including banking apps and Apple Pay.
The lengthy investigation, published by the Wall Street Journal and including interviews with a number of victims, discusses that Apple should support additional protections for its phones, making it difficult for the thief to access user data even if the thief knows the secret code for the device.
According to the report, all of the victims interviewed by the newspaper stated that their phones were stolen from them while they were in public places in the evening. Some victims reported that phones were stolen from their hands, while others stated that they were physically assaulted and threatened. Once the thief has the passcode for the iPhone, he can easily reset the Apple account password and disable the Find My iPhone feature. This makes it difficult for the device owner to track its location or remotely wipe it via iCloud. The thief can also remove other trusted devices from the account to add another layer of protection to the hacker.
However, the report warns that the risk of iPhone theft does not stop there. Once the thief obtains the iPhone’s password, he can use the “Apple Pay” and “Apple Cash” electronic payment applications, and access banking applications using the passwords stored in the “iCloud Keychain” password service. The thief can also unlock the Apple Card by finding the last four digits of the victim’s social tax number in photos stored in apps like the Photos app or Google Drive. In addition, accessing other passwords stored in the iCloud Keychain allows the thief to do more damage, as he can gain access to email accounts and other sensitive information.
The report published a set of steps that iPhone users can adopt to maintain the safety of their personal data and reduce the risk of falling victim to this type of theft. Recommendations include changing the device’s access code from a four-digit code to a code that includes a combination of letters and numbers, which makes it difficult for snoopers to memorize the code.
This can be done in the Settings app in the “Face ID & Passcode” section, then Change the passcode. The phone unlock feature can also be used via Face ID or Touch ID as much as possible instead of the code when going out to public places to prevent thieves from spying on the access code. In cases where a passcode has to be entered, users can place their hand above the screen to hide entering the code.
It is noteworthy that this phenomenon is not exclusive to iPhone phones only, but can apply to any other phone. Therefore, securing the devices and the data stored in them should be a priority for all smartphone users. It is advised to follow basic security measures, such as users changing their account passwords periodically, avoiding passwords that can be easily guessed, and enabling two-factor authentication. Password managers can also be used to generate strong, random passwords for all accounts.
Apple responded to this report by saying that it is working hard to protect its users from new threats. However, the company did not provide any specific details about the next steps that can be taken to increase security. The report suggested adding new protections to iOS and supporting additional account recovery options.