They block you even your Apple accounts

2023-04-19 18:31:14

A man in black hoodie using smart phone and try to unlock password for hacker in computer security system. (Getty Creative)

Apple devices have always been known for their security features, including network Find My, which has received significant updates in recent years. However, a report from The Wall Street Journal reveals that these features are not enough to prevent thieves from accessing user data. What’s more, they can make the user lose forever not only the phone, but also access to family photos, backgrounds, cards, and everything else on their phone.

The thieves, often in and around bars at night, watch iPhone owners type in their passwords and then steal their victims’ phones. With this short string of four or six digits, criminals can change Apple account passwords and rack up thousands of dollars in fees using Apple Pay and financial apps.

But not only that, thieves can also activate a hard-to-find Apple security setting known as “recovery key”. By doing so, they place an impenetrable lock on your account.

Apple introduced the optional recovery key in 2020 to protect users from online hackers. Users who activate the recovery key, a unique 28-digit code, must provide it when they want to reset their Apple ID password.

iPhone thieves who have your password can activate the recovery key and lock you out. And if you already have the recovery key activated, they can easily generate a new one, which also locks you out.

Apple’s policy practically does not allow users to access their accounts without the recovery key. For now, a stolen iPhone can result in devastating personal losses.

If they know your passcode, they have full access to your iPhone. Photo: Getty Images.

With iOS 17, Apple should invest even more in anti-theft security features for iPhone and iPad.

Smartphone theft is not something new. However, the motives for these thefts have changed considerably in recent years. In the past, people stole phones to resell them on the underground market. Even when Apple and other companies introduced things like iCloud Lock, it didn’t stop thieves from stealing phones. After all, they could easily remove and sell parts of the device, such as the screen.

But as technology has advanced, we’ve been putting more of our lives on our phones. Our passwords, our credit cards, our bank accounts, our documents… and as the WSJ report shows, these advantages can turn into a nightmare when all this data is in the wrong hands.

For example, many banks today allow customers to do all sorts of transactions directly from their app without ever having to go to an ATM or bank branch. This is very comfortable, and it is difficult to imagine a life without these advantages. However, this has also made thieves even more interested in stealing smartphones.

And? Smartphones have passwords and biometric authentication

Some of you may be wondering just that. How would it be possible to access all the apps on a smartphone if the device is protected by a password or, even better, by Face ID or Touch ID? It turns out that criminals have found ways around it, and I’m not even talking about advanced exploits to hack your phone.

In one example given by the WSJ’s Nicole Nguyen and Joanna Stern, a group of thieves choose a distracted victim to steal her phone. But before doing so, one of the thieves discreetly records videos of the victim typing her password to unlock the phone. In some countries like Brazil, armed robbers even ask the victim for the iPhone password before stealing it.

And unfortunately, Apple has loosened up its security system to allow users to do many things using just the iPhone and iPad passcode. For example, you can go to the Settings app and reset your Apple ID password using just your device’s PIN code. This can help someone who legitimately forgot their Apple ID password, but it also helps thieves quickly change the account password on a stolen phone.

And even if you have Touch ID or Face ID turned on, you can easily bypass those security authentication methods if you know the iPhone passcode. This is because iOS asks you for the passcode when it fails to read your biometric data as a fallback method. This means that anyone who has your password can access your messaging apps, private notes, banking apps, and even Apple Pay.

What can you do about it?

There is no easy solution for this. As I mentioned before, there isn’t much you can do when someone remotely videotapes your password or even aggressively forces you to give it to them.

However, Apple can (and should) do a few things to make life more difficult for thieves and give victims more time to find a way to lock up their stolen phone and bank accounts. Samsung, for example, allows users to create a protected folder with specific apps that can only be accessed under certain circumstances, such as when the phone is connected to the user’s Wi-Fi network.

Also on Samsung phones, users can disguise banking apps with different names and icons. This does not prevent others from accessing them, but it complicates the process. It may be enough to call your bank and ask them to block your account.

But the first thing Apple should do is remove the option to reset Apple ID password using only passcode on iPhone and iPad. This is very alarming for a company that claims to care about privacy and security. Most people use weak passwords for their devices, and Apple itself offers a 6-number PIN as the default option for iOS.