+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

An iPhone thief stole up to $2 million by watching people type their passcodes. Here's how to protect yourself.

Dec 21, 2023, 01:43 IST
Business Insider
Your iPhone's passcode could be its biggest security flaw.NurPhoto
  • An onetime thief told The Wall Street Journal how he'd access iPhones and drain bank accounts.
  • He'd chat up a drunk person and copy their passcode. That gave him access to everything else.
Advertisement

Wall Street Journal columnist Joanna Stern interviewed an iPhone thief who's in prison for using iPhone passcodes to make his way into people's phones.

Once he got into the phones, he and his crew drained victims' bank accounts to the tune of up to $2 million in total, her reporting says.

The convicted thief, Aaron Johnson, explained to Stern how he'd hoodwink people into handing over their passcodes. And it's worth reading so you can protect yourself:

After they had the phone and the passcode, the thieves would immediately change the victim's Face ID and Apple ID passwords — and then get to work draining money from banking apps, crypto wallets, and Venmo. They'd even use Apple Pay to go shopping in stores.

Stern and colleague Nicole Nguyen had been reporting about this particular vulnerability in iPhones for a while. Although things like Face ID, the iCloud keychain's password manager, and all the other security features on an iPhone are pretty good, everything hinges on one entry point: that flimsy 6 digit passcode.

Advertisement

This is, in a way, a pretty simple theft: gain enough trust to get someone to hand you their phone (something we've all done) and unlock it in front of the person. No SIM-swapping or super technical hacking required.

But things could be getting a little more locked-down soon: Apple is set to roll out a new feature: stolen device protection. This will make it much harder to change an Apple ID or Face ID password. It will require a biometric scan — like your fingerprint or eye — and if you're not in a known location, like your home or work, there will be a one-hour delay before the changes are made.

That could thwart some attempted thefts, like the ones Johnson described to Stern.

The new feature will roll out in an upcoming update to iOS 17: Turn it on — and make yourself a little safer.

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article