How Thieves are Stealing iPhone Passcodes and Locking Owners Out


  • Thieves enable “recovery key” on stolen iPhones, locking victims out of their Apple accounts.
  • Victims in at least nine US cities report similar incidents, struggling to regain access to data.
  • Apple is investigating additional protections but faces criticism for lack of alternative recovery methods.

Thieves are using a lesser-known iPhone security setting to lock people out of their Apple accounts, causing significant personal losses, reports the Wall Street Journal, following up on a story from two months ago.

After stealing iPhones, criminals are enabling the “recovery key” option introduced by Apple in 2020, which was initially designed to protect users from online hackers.

Thieves get access in the first place by watching iPhone users punch in their passcodes at bars at night. Once they have seen your passcode, all they need to do is steal your phone.

When thieves use a victim’s passcode to enable or generate a new recovery key, the account owner can be locked out permanently if they do not possess the 28-digit code.

Victims in at least nine US cities, including New York, New Orleans, Chicago, and Boston, have reported similar incidents, reaching out to the WSJ after reading its original story from February.

While some have managed to retrieve their money, those locked out of their Apple accounts due to the recovery key face difficulties navigating Apple’s policies and bureaucracy to recover their data. Some have even offered to fly to Cupertino to verify their identity or send a DNA test to recover their Apple ID.

An Apple spokesman told the WSJ, “We sympathize with people who have had this experience and we take all attacks on our users very seriously, no matter how rare. We work tirelessly every day to protect our users’ accounts and data, and are always investigating additional protections against emerging threats like this one.”

However, victims are frustrated with the lack of alternative methods to prove their account ownership, and many are demanding that Apple consider less privacy-compromising alternatives to the recovery key.

How to set up a recovery key on your iPhone? Go to Settings > Apple ID > Password & Security > Account Recovery > Recovery Key > ON.

Apple will then ask you if you’re sure you want to create a recovery key, because “if you lose your recovery key and cannot access your devices, Apple will not be able to help you regain access to your account or your data.” Yeah, that line makes some people wary of turning that setting on.

At the end of the day, when punching in your iPhone passcode, make sure nobody is looking over your shoulder. You can also set up an alphanumeric passcode that contains letters and numbers, making it a bit more difficult for someone to remember what you’re typing in.

Have you set up a Recovery Key for your Apple ID?