A sophisticated and concerning method for taking control of an iPhone and permanently locking out its owner appears to be gaining traction.

According to a recent report from The Wall Street Journal, certain iPhone thieves are exploiting a security feature known as the recovery key, making it extremely difficult for owners to access their photos, messages, and other data. Some victims have reported that their bank accounts were emptied after the thieves gained access to their financial apps.

However, executing this type of attack is challenging. It typically requires the criminal to observe the iPhone user entering their passcode (for example, by peering over their shoulder in public places like bars or sporting events) or to manipulate the owner into sharing their passcode. All of this has to happen before the device is physically stolen.

Once in possession of the device, a thief could utilize the passcode to alter the device’s Apple ID, deactivate “Find my iPhone” to prevent tracking, and reset the recovery key – a complex 28-digit code designed to safeguard against online hackers.

Apple mandates this key to aid in resetting or regaining access to an Apple ID, as a way to enhance user security. However, if a thief alters it, the original owner does not have the new code and will be locked out of the account.

An Apple spokesperson emphasized the company’s dedication to user security, stating, “We sympathize with people who have had this experience, and we take all attacks on our users very seriously, no matter how rare.” Apple continually works to enhance protections against emerging threats like this one.

On its website, Apple warns users that they are responsible for maintaining access to their trusted devices and recovery key. If both items are lost, users could be permanently locked out of their account.

Jeff Pollard, VP and principal analyst at Forrester Research, suggested that the company should offer more customer support options and “ways for Apple users to authenticate so they can reset these settings.”

For now, however, there are several steps users can take to potentially protect themselves from falling victim to such attacks.

Securing the passcode is paramount.

According to an Apple spokesperson interviewed by CNN, individuals can employ Face ID or Touch ID when unlocking their phone in public so that their passcode is not exposed to anyone watching.

Users can also opt for a longer, alphanumeric passcode, making it more challenging for malicious actors to decipher. Additionally, device owners should promptly change the passcode if they suspect it has been compromised.

Screen Time settings offer another layer of protection.

A method that has circulated online, though not officially endorsed by Apple, involves utilizing the Screen Time setting on an iPhone. This feature allows guardians to impose restrictions on how children use the device. Within this setting, there is an option to establish a secondary password. This secondary password would be necessary for any user attempting to change an Apple ID.

Enabling this feature prompts a thief to provide the secondary password before altering the Apple ID password, adding an additional barrier to unauthorized access.

Regularly backing up your phone is essential.

Users can safeguard themselves by consistently backing up their iPhone through iCloud or iTunes. This ensures that data can be retrieved in the event of an iPhone theft. Additionally, users may opt to store crucial photos and sensitive files in alternative cloud services like Google Photos, Microsoft OneDrive, Amazon Photos, or Dropbox.

While this measure won’t prevent a malicious actor from accessing the device, it can mitigate some of the consequences if such an event occurs.
