Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

A Basic iPhone Feature Helps Criminals Steal Your Entire Digital Life

WSJ: “The passcode that unlocks your phone can give thieves access to your money and data; ‘it’s like a treasure box’”
Via LinkedIn, Edwin Kwan – “The Wall Street Journal has written an article that will challenge your belief on the security of your digital life. It reports on how a basic iPhone feature can allow criminals to steal your entire digital life! This basic feature is your pass code and the technique involves shoulder surfing the target entering their pass code, followed by the old fashion snatching of the iPhone. This usually happens in a crowded place, where it is easy to shoulder surf, like a bar.  Once they have the victim’s iPhone, they’ll use the pass code to do the following:

  1. Turn off find my phone
  2. Change apple id password to lock the victim out
  3. Sign out of trusted devices to prevent the victim from gaining access
  4. Change the trusted phone number
  5. And turn on recovery key so that there is no way for the victim to regain their apple account

They then open an apple card using the victim’s social security number which is usually stored on the phone or in the photos. After that they access the banking apps on the phone using the stored credentials on the victim’s apple password manager and use apple pay to transfer the victim’s money to the apple card. Most victims have recovered the stolen money through fraud claims. However they have been unable to regain access to their apple account and get access to their files and most importantly their photos. It’s quite confronting how a pass code, which can be as simple as a 4 digit number, can provide the keys to your entire digital life. Below are some steps to protect ourselves from such an attack:

  • Have a stronger pass code. Make it at least 6 digits or alpha numeric
  • Use Face ID or Touch ID so that criminals cannot shoulder surf to obtain your pass code
  • Use an external password manager instead of the one built into Apple
  • Delete photos with sensitive personal information…”

Sorry, comments are closed for this post.