According to a report by The Wall Street Journal, criminals are exploiting a simple iPhone passcode vulnerability to steal people’s entire digital life.
With only the iPhone and its passcode, an interloper can within seconds change the password associated with the iPhone owner’s Apple ID.
This results in the victim locking out of their account, which includes anything stored in iCloud.
The thief can also use the phone’s financial apps since the passcode can unlock access to all the device’s stored passwords.
“Once you get into the phone, it’s like a treasure box,” said Alex Argiro, who investigated a high-profile theft ring as a New York Police Department detective.
“This is growing,” he said. “It is such an opportunistic crime. Everyone has financial apps,” noting that there have been hundreds of such crimes in the city lately.
Reyhan Ayas, a 31-year-old economist, had his iPhone 13 Pro Max leaving a bar in Midtown Manhattan. Within minutes, he was locked out of her iCloud account, and over the next 24 hours, about $10,000 vanished from her bank account.
All of the victims interviewed by The Wall Street Journal said their iPhones were stolen while they were out at night socializing.
Some said the phones were grabbed out of their hands by someone they had just met. Others said they were physically assaulted and intimidated into handing over their phones and passcodes.
According to an Apple spokeswoman, account-recovery policies are now in place to protect users from bad actors accessing their accounts.
“Security researchers agree that iPhone is the most secure consumer mobile device, and we work tirelessly every day to protect all our users from new and emerging threats,” the spokeswoman said.
“We sympathize with users who have had this experience and we take all attacks on our users very seriously, no matter how rare,” she said. “We will continue to advance the protections to help keep user accounts secure.”
A similar vulnerability exists in Google’s Android mobile operating system. However, the higher resale value of iPhones makes them a far more common target.
Want to see more of our stories on Google?
P.S. Want to keep this site truly independent? Support us by buying us a beer, treating us to a coffee, or shopping through Amazon here. Links in this post are affiliate links, so we earn a tiny commission at no charge to you. Thanks for supporting independent Canadian media!
Although much of the article is true, you can’t lock someone out of their iCloud account by changing their iPhone passcode. The passcode is local to each device. So you can lock them out of their iPhone, which is one of the ways to get into an iCloud account.
Not by just changing the iPhone passcode, but by changing the Apple ID password (and following the steps outlined above).
Typing a passcode? What’s that! 😉
This is a user vulnerability, Its not like this is a new concept people weren’t aware of. People clearly need to be careful when choosing not to use Touch ID or FaceID, everyone knows if someone has your passcode especially to your phone regardless if its Apple or Android they’ll have access to your most sensitive data.
How did the thief get the passcode? I only skimmed through the article, but I couldn’t see how that happened.