How to safeguard yourself from iPhone thieves who may lock you out of your own device.
Some iPhone thieves are exploiting a security feature called the recovery key, making it nearly impossible for owners to access their photos, messages, data, and more, as reported by the Wall Street Journal.
A complex yet troubling tactic for gaining control of an iPhone and permanently locking the user out of their device appears to be on the rise.
Some iPhone thieves are exploiting a security feature called the recovery key, making it nearly impossible for owners to access their photos, messages, data, and more, as reported by the Wall Street Journal. Some victims also reported that their bank accounts were emptied after the thieves accessed their financial apps.
However, it’s important to recognize that this type of takeover is challenging to execute. It requires the criminal to observe an iPhone user entering their passcode—perhaps by looking over their shoulder at a bar or event—or to trick the owner into revealing their passcode. This all happens before the device is physically stolen.
Once the passcode is obtained, a thief could use it to change the device's Apple ID, disable "Find My iPhone" so the location can't be tracked, and then reset the recovery key—a complex 28-digit code designed to protect users from online hackers.
Apple requires this key to reset or regain access to an Apple ID, enhancing user security, but if a thief resets it, the original owner won't have the new code and will be locked out of their account.
"We empathize with those who have faced this situation, and we take all attacks on our users very seriously, no matter how rare," an Apple spokesperson said in a statement to CNN. "We work relentlessly every day to protect our users’ accounts and data, and are always exploring additional protections against emerging threats like this one."
On its website, Apple warns, "You're responsible for maintaining access to your trusted devices and recovery key. If you lose both, you could be locked out of your account permanently."
Jeff Pollard, VP and principal analyst at Forrester Research, mentioned that the company should provide more customer support options and "ways for Apple users to authenticate so they can reset these settings."
For now, there are a few steps users can take to protect themselves from this happening.
Protect the passcode The first step is safeguarding the passcode.
An Apple spokesperson told CNN that people can use Face ID or Touch ID when unlocking their phones in public to avoid exposing their passcode to onlookers.
Users can also set up a longer, alphanumeric passcode that's harder for malicious individuals to guess. Device owners should also change the passcode immediately if they suspect someone has seen it.
Screen Time settings Another option is a workaround, not officially endorsed by Apple but shared online. In the iPhone’s Screen Time setting, which lets guardians set up restrictions on a child's device usage, there's an option to set up a secondary password required to change the Apple ID.
By enabling this, a thief would need that secondary password before they could change the Apple ID password.
Back up phone regularly Lastly, users can protect themselves by regularly backing up their iPhone—via iCloud or iTunes—so data can be recovered if the device is stolen. Additionally, users might consider storing important photos or other sensitive files and data in another cloud service, like Google Photos, Microsoft OneDrive, Amazon Photos, or Dropbox.
While this won’t prevent unauthorized access to the device, it can help mitigate some of the damage if it happens.
What's Your Reaction?