Zinger Key Points
- Stolen iPhones are not the main target for thieves, but are used to commit larger thefts using bank and payment apps.
- The Stolen Device Protection setting will require a user’s biometric information before changing an AppleID password or Find My iPhone.
There may be critical security vulnerabilities and loopholes within Apple, Inc.’s AAPL iOS software that leaves iPhone users susceptible to theft and identity fraud.
How Thieves Gain Access
In a recent interview with the Wall Street Journal, former iPhone thief Aaron Johnson detailed some of the methods thieves use to obtain passcodes and ultimately gain access to financial accounts on unsuspecting user's phones.
Johnson chose to target victims in public spaces, like bars, and would approach a potential victim with friendly conversation. He would then encourage the victim to unlock the phone to share his contact information or his social media profile. He would watch the iPhone’s owner enter a passcode into the device or simply ask the victim for the passcode in order to access it himself.
Once Johnson had obtained the iPhone’s passcode from its owner, he would steal the device and change the user’s Apple ID password and FaceID settings. After the Apple ID password and FaceID settings were changed, Johnson had full access to the device, including any sensitive information that had been saved by its original owner.
Interestingly, he also noted that thieves will check the Notes and Photos apps because many people keep their passwords and other personal information saved in those locations.
Stolen iPhones Used For More Crime
The unlocked, stolen iPhones are not the main target. Instead they are used to commit larger thefts using bank and payment apps, including ApplePay. Johnson detailed how he would use payment applications and credit cards on the stolen phones to purchase more Apple products from major retailers, including Target Corporation TGT.
Once all accounts were emptied via transfers and purchases, Johnson would then delete all data from the phone using the passwords he created and finally sell the device itself on the street.
Johnson would steal thousands of dollars from his victims. The stolen device used to access the money was often worth much less than the amount stolen using their personal information, he said.
Related News: Apple Executives Spill The Beans: Here's Why The iPhone Maker's Chips Outshine Rivals
How Apple Is Reacting
Critics have noted that one of the most critical security flaws in Apple’s iOS system is the ability to change Apple ID and FaceID settings using only the device’s passcode. Following the report from the Wall Street Journal, Apple introduced a new security setting called “Stolen Device Protection” to allow users to add an additional layer of protection. The new setting requires a user’s biometric information (Face ID or Touch ID) before an AppleID password can be changed or Find My iPhone can be disabled.
The Stolen Device Protection setting must be enabled by the user after installing Apple's iOS 17.3 update, which is expected to be available sometime in January, according to Forbes.
Read Next: White House Declines To Overturn Apple Watch Ban: Analyst Estimates Impact At $300M Or More
Image: Darwin Laganzon from Pixabay
© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.