Last week,
Apple
started to roll out the iOS 17.3 beta update for all users, bringing a new security mode that will help users to protect users against attackers who try to steal victims’ passcodes. Now, a report has found how these thieves tricked customers and got their passwords.
What is the issue
Earlier this year, a report by The Wall Street Journal discovered a scam in which thieves befriend and spy on their victims, in places like bars at night.
Then these thieves would somehow steal the passwords of their victims’ iPhones and dupe them of thousands of dollars. They also turn off theft protections and lock them out of their iPhones.
Apple Stolen Device Protection feature
iPhone
users have to input a four-digit or six-digit passcode, which is tied to FaceID facial recognition tool, when the device is set up. The Stolen Device Protection security feature creates a second layer of security and makes it harder for thieves to use the passcode to misuse if the victim’s iPhone is not at home or at work.
People have to turn on the Stolen Device Protection, which means that iPhone’s will require Apple’s FaceID facial recognition as well as a passcode for users to perform certain sensitive actions if the phone is at a location that is not usually associated with its owner.
How a thief unlocked iPhones
The publication has now published another report explaining how these thieves targeted people at public places like bars. In an interview, a convicted iPhone thief said that he would watch people type in their passcodes to access their phones.
Thieves would go up to potential victims offering drugs or ask them to connect with them on Snapchat because they were a rapper and seek support from people. The person would hand over the unlocked iPhone to the attacker, who would lock the phone and tell the owner that there is something wrong with the phone.
The victim, unknowingly, punches in the passcode which the attacker memorises or videotapes the passcode. When the thief gets blamed for taking the phone, he wouldn’t have it because he passed it to someone else, suggesting that it was not a one man’s job.
It would take 5-10 seconds for the thieves to change the phone’s password and FaceID, allowing them unrestricted access to all apps, including the payments ones. If the credit card information is saved, the thieves would shop for thousands of dollars, then erase the phone and sell it. An iPhone 14 Pro Max with 1TB storage would go for about $900.
The thieves could make about $20,000 by just selling the iPhones on a weekend. They also nicked some Android phones but iPhones hold more value. The group claims to have stolen about $2 million.
English (US) ·