Share This Article
A new report by The Wall Street Journal’s Joanna Stern and Nicole Nguyen has highlighted a concerning trend: thieves spying on iPhone passcodes before stealing the device to gain access to the victim’s personal data and money. The report provides several specific examples of this happening to individuals while they were out socializing at bars and other public places at night.
Once a thief has knowledge of an iPhone’s passcode, they can easily reset the victim’s Apple ID password, even if Face ID or Touch ID is enabled. This means that the thief can turn off Find My iPhone on the device, preventing the owner from tracking its location or remotely erasing the device via iCloud. The thief can also remove other trusted Apple devices from the account to further lock out the victim.
Additionally, with knowledge of an iPhone’s passcode, a thief can use Apple Pay, send Apple Cash, and access banking apps using passwords stored in iCloud Keychain. Even if Face ID or Touch ID is enabled on the iPhone, the thief can bypass these authentication methods and enter the device’s passcode instead. The report claims that thieves have even been able to open an Apple Card by finding the victim’s last four digits of their Social Security number in photos stored in apps like Photos or Google Drive.
Access to other passwords stored in iCloud Keychain allows the thief to further wreak havoc, as it could give them access to email accounts and other sensitive information. Essentially, the report suggests that thieves can “steal your entire digital life“.
In response to the report, Apple has stated that it is constantly working to protect its users from new and emerging threats. However, the company did not provide any specific details about what next steps it might take to increase security.
Joanna Stern recommended in a tweet that Apple add extra protections to iOS and introduce additional Apple ID account recovery options. As our lives become increasingly digital, it’s important for individuals and tech companies to be vigilant about security to protect personal data and prevent theft.