
Thieves have figured out a crafty way to break into locked iPhones after stealing them

Aug 6, 2016, 14:07 IST

A masked participant poses in St. Mark's Square during the Carnival on February 10, 2007 in Venice, Italy. The Carnival traditionally celebrates the passing of winter, with parties, costumes and balls, in the run-up to the Christian observation of Lent. (Marco Di Lauro/Getty Images)

The iPhone's security is great - but it's not perfect. Nothing is.


Enterprising thieves have now figured out a way to break into stolen iPhones after they've been locked if the owner isn't careful.

It requires duping the target, so it's possible to detect and block - but you need to know what you're doing.

We heard about the trick from Joonas Kiminki, who wrote a blog post about it over on Hackernoon after experiencing it first-hand. Here's how it works:

  • iPhones come equipped with the ability to be locked after they're lost, via the Find My Phone website. This stops anyone from getting in without the correct password, rendering the device effectively useless.
  • But criminals have found a way to game this - by spoofing an email or SMS from Apple telling you your phone has been found.
  • To do this, they need your contact details. But they can often get these from your Medical ID info page. Or you might have them saved in the message you can display on the phone when it's locked, to try and get whoever finds it to contact you.
  • This spoof message tells the target that their device has been found, and directs them to a website that pretends to be iCloud where they can supposedly get more info about where the phone is exactly.
  • The victim then enters their iCloud account email and password, but the login doesn't work and the site says the password is wrong. Meanwhile, the login details they typed are secretly transferred to the thief.
  • With these they can then unlock your device, and either steal your data or wipe it completely and start fresh.

It's clever - but if you're alert about it, you don't need to get stung.


Double-check the email address of any message asking you for your login details - Kiminki's came from "icloud.insideappleusa@gmail.com," which obviously isn't an official Apple account. Likewise, make sure that the URL of any "official"-looking website matches up to the real deal. It should also have a green padlock beside it, which means the connection is encrypted and verifies the company's identity.
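The sender and URL checks described above can be automated. The following Python sketch is an added example, not code from the article or from Kiminki's post; the trusted-domain list, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains treated as Apple-owned for this example.
TRUSTED = {"apple.com", "icloud.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def is_trusted_host(host):
    """True only for a trusted domain or a genuine subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def check_message(from_header, body):
    """Return the reasons a 'your iPhone was found' message looks spoofed."""
    findings = []
    display, addr = parseaddr(from_header)
    local, _, domain = addr.rpartition("@")
    if not is_trusted_host(domain):
        findings.append(f"sender domain {domain!r} is not Apple's")
        # Apple branding in the name or mailbox on a foreign domain is a lure.
        if re.search(r"apple|icloud", display + local, re.IGNORECASE):
            findings.append("Apple branding used on a non-Apple address")
    for url in URL_RE.findall(body):
        try:
            parts = urlsplit(url)
        except ValueError:
            findings.append(f"malformed link: {url}")
            continue
        # HTTPS alone is not enough; the host itself must also match.
        if parts.scheme.lower() != "https":
            findings.append(f"link is not HTTPS: {url}")
        if not is_trusted_host(parts.hostname):
            findings.append(f"link host {parts.hostname!r} is not Apple's")
    return findings

# Constructed sample messages; only the sender address comes from the article.
SPOOF_FROM = '"Apple Support" <icloud.insideappleusa@gmail.com>'
SPOOF_BODY = "Your iPhone was found: https://icloud.com.find-device.example/login"
LEGIT_FROM = "Apple <noreply@email.apple.com>"
LEGIT_BODY = "View your device at https://www.icloud.com/find"

if __name__ == "__main__":
    for reason in check_message(SPOOF_FROM, SPOOF_BODY):
        print("WARN:", reason)
```

The host comparison is done on whole domain labels, so a lookalike such as `icloud.com.find-device.example` fails even though it begins with a trusted name.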
