According to a thorough study by Joanna Stern and Nicole Nguyen in today’s Wall Street Journal, criminals have been found to spy on a victim’s iPhone password before snatching the phone in order to access the victim’s information and money.
All of the individuals who were interviewed stated that when they went out and about at bars as well as other public areas at night, their iPhones were taken.
Some witnesses claimed that people took their iPhones from their palms, whereas others claimed that they were physically abused and intimidated. The article contains precise examples of these events.
Although if Face Recognition or Fingerprint Scanner are turned on, a criminal with access to the victim’s iPhone’s password can quickly reset the victim’s Apple ID passcode through the App settings.
The thief then can deactivate Find My iPhone on the targeted system, prohibiting the owner from tracing its position or remotely deleting it via iCloud. Further to isolate the victim, the thief can erase other Apple phones from the account.
To stop a victim from obtaining their Apple ID restored, the thief also can alter the contact data and set up a restore point.
The issue is worsened by the fact that a person who knows the password to an iPhone can use Apple Pay, transfer Apple Cash, and access financial apps by using credentials saved in the iCloud Keychain.
Even if Face Recognition or Fingerprint Scanners are switched on for the iPhone, thieves can easily escape these security precautions and are then provided with the choice to enter the phone’s password.
The research states that in a few instances, attackers were able to access an Apple Card by discovering the victim’s final four Social Security numbers in photos kept in Google Drive or Photos apps.
The thief could further cause chaos by getting access to certain other passwords kept in iCloud Keychain since they may allow them entry to personal emails and other sensitive data. Overall, based on the research, thieves can “steal your entire digital life.”
Stern proposed in a tweet that Apple improve iOS security and offer additional ways to retrieve an Apple ID account.
Apple Responds:
In response to the report, an Apple spokesperson said “security researchers agree that iPhone is the most secure consumer mobile device, and we work tirelessly every day to protect all our users from new and emerging threats.”
“We sympathize with users who have had this experience and we take all attacks on our users very seriously, no matter how rare,” the spokesperson added.
“We will continue to advance the protections to help keep user accounts secure.” Apple did not provide any specific details about any next steps it might take to increase security.
In a tweet, Stern recommended that Apple add extra protections to iOS and introduce additional Apple ID account recovery options.
How to Stay Protected:
Stern instructed users to change from a four-digit password to an alphanumeric one on Twitter as it would be harder for criminals to eavesdrop. You can do this by choosing Face ID & Security code Edit Passcode in the App settings.
To avoid password theft, iPhone owners should enable Face Unlock or Fingerprint Sensor as frequently as possible while out in public. Individuals can place their hands over device screens to hide password input when typing the password is required.
Consider using a password manager like 1Password, which does not need the phone’s password, to save the password for a bank account.
