iPhone thieves are using a security feature to lock users out of their Apple accounts, report says
- iPhone thieves are using the "recovery key" to get into Apple accounts and log users out.
- If the security tool is enabled, users could lose everything stored on an Apple device.
iPhone thieves are targeting an Apple security feature called the "recovery key" to lock users out of their own cell phones.
The optional feature renders it almost impossible for users to access their own accounts, The Wall Street Journal reported earlier this month.
"A recovery key is a randomly generated 28-character code that you can use to help reset your password or regain access to your Apple ID," according to Apple.
The key is designed to make an account more secure, but it requires access to the device as well as the key. If you lose access to these, "you could be locked out of your account permanently," Apple says on its website.
That's because activating the recovery key feature turns off "account recovery," meaning you can't get back into your Apple ID account without it.
The tech giant advises users to keep a copy of the key with a family member, or to keep multiple copies.
Thieves exploiting the feature target users by watching them as they enter their passcodes before stealing the devices. They are then able to switch on the recovery key, or generate a new one if it's already activated, and lock the user out, per The Journal.
Reyhan Ayas spoke to Insider about how she struggled to regain access to her Apple ID account just minutes after a man snatched her phone outside a bar in Manhattan. She was powerless as thieves took $10,000 from her account.
Trent, another victim of theft, was out with friends one night in February 2021 when he realized that a thief had swapped out his iPhone with a fake. His account was then charged $1,633 for an iPad, while $229 was taken from his Venmo account.
In both cases, the thieves had gained access to the victims' Apple ID accounts, and both victims suspected the thieves had watched them enter their passcodes. Both said Apple was unhelpful when they tried to recover their accounts.
Greg Frasca told The Journal he's been logged out of his account since October. He told Apple he was willing to fly from Florida to its California headquarters to prove his identity in person or write a check for $10,000 to get the account back, the newspaper reported.
Like Ayas and Trent, he said thieves had changed his Apple ID account's password and enabled the recovery key.
An Apple representative told The Journal it worked "tirelessly every day to protect our users' accounts and data, and are always investigating additional protections against emerging threats like this one."
Apple didn't respond to a request for comment from Insider.
How to protect yourself
While Apple's website offers some general advice for users, there are a few other practical steps that can help you keep your accounts secure.
An Apple representative told CNN that it's advisable to use Face ID or Touch ID when signing into a device in public, and set up longer, alphanumeric passwords.
Have you been the victim of theft or have insight to share? Contact this reporter at stabahriti@insider.com or on Twitter at @samtabahriti