A sophisticated yet disturbing method to gain control of an iPhone user and permanently lock them out of the device seems to be on the rise. Some iPhone thieves use a security setting called a recovery key that makes it nearly impossible for owners to gain access. their photos, messages, dates and more, according to a recent Wall Street Journal report. Some victims also told the publication that their bank accounts were drained after the thieves got into their financial apps. However, it is important to note that this type of takeover is difficult to master. It requires the criminal to essentially watch the iPhone user enter the device’s passcode, such as by looking over their shoulder at a bar or sporting event, or manipulating the device’s owner into sharing their passcode. And that’s before they physically steal the device. From there, a thief could use the passcode to change the device’s Apple ID, turn off Find My iPhone so its location can’t be tracked, and then reset the recovery key. a complex 28-digit code designed to protect its owners from online hackers. Apple requires this key to help reset or regain access to an Apple ID in an effort to strengthen user security, but if a thief changes it, the original owner won’t have a new code and will be locked out of the account. we take all attacks against our users very seriously, no matter how rare,” an Apple spokesperson said in a statement to CNN. “We work tirelessly every day to protect our users’ accounts and data, and we’re constantly researching additional protections against emerging threats like this.” Apple warns on its website that “you are responsible for maintaining access to your trusted devices and for recovery.” key. If you lose both of those items, you could be permanently locked out of your account.” Video above: Apple bug blocks Mass. Man from wiping dead mothers’ phone Jeff Pollard, vice president and principal analyst at Forrester Research, said the company should offer more customer options support and “ways for Apple users to authenticate themselves to reset these settings.” In the meantime, however, there are a few steps users can take to potentially protect themselves from this happening to them. Protect your passcode The first step is protecting your passcode . An Apple spokesperson told CNN that people can use Face ID or Touch ID when unlocking their phone in public so they don’t reveal their passcode to anyone who might be watching. Users can also set a longer, alphanumeric passcode that’s harder. actors device owners should also immediately change the passcode if they believe someone else has seen it.Setting Screen Time Another step someone might consider is a hack that isn’t necessarily supported by Apple, but that has spread online. As part of the iPhone’s Screen Time settings, which allow guardians to set restrictions on how children can use the device, there is an option to set a secondary password that would be required of each user before they can successfully change their Apple ID. in which case, the thief would be prompted for a secondary password before changing the Apple ID password. Back up your phone regularly Finally, users can protect themselves by regularly backing up their iPhone via iCloud or iTunes so that data can be recovered in case the iPhone is stolen. At the same time, users may consider storing important photos or other sensitive files and data in another cloud service such as Google Photos, Microsoft OneDrive, Amazon Photos, or Dropbox. This won’t prevent a bad actor from gaining access to the device, but it should limit some of the fallout should it ever occur.
A sophisticated yet disturbing method to gain control of an iPhone user and permanently lock them out of the device seems to be on the rise.
Some iPhone thieves are using a security setting called a recovery key that makes it nearly impossible for owners to access their photos, messages, data and more, according to a recent Wall Street Journal report. Some victims also told the publication that their bank accounts were drained after the thieves got into their financial apps.
However, it is important to note that this type of takeover is difficult to master. It requires the criminal to essentially watch the iPhone user enter the device’s passcode, such as by looking over their shoulder at a bar or sporting event, or manipulating the device’s owner into sharing their passcode. And that’s before they physically steal the device.
From there, a thief could use the passcode to change the device’s Apple ID, turn off Find My iPhone so its location can’t be tracked, and then reset the recovery key, a complex 28-digit code designed to protect its owners. from online hackers.
Apple requires this key to help reset or regain access to an Apple ID in an effort to strengthen user security, but if a thief changes it, the original owner will not have a new code and will be locked out of the account.
“We empathize with people who have this experience and take all attacks against our users very seriously, no matter how rare,” an Apple spokesperson said in a statement to CNN. “We work tirelessly every day to protect our users’ accounts and data, and we’re constantly exploring additional options to protect against emerging threats like this.”
Apple warns on its website “you are responsible for maintaining access to your trusted devices and your recovery key. If you lose both of these items, you may be permanently locked out of your account.”
Video above: Apple bug blocks Mass. Mana in wiping dead mothers phone
Jeff Pollard, vice president and principal analyst at Forrester Research, said the company should offer more customer support options and “ways for Apple users to authenticate themselves to reset these settings.”
For now, however, there are a few steps users can take to potentially protect themselves from this happening to them.
Protect your passcode
The first step is to protect the access code.
An Apple spokesperson told CNN that people can use Face ID or Touch ID when unlocking their phone in public to avoid revealing their passcode to anyone who might be watching.
Users can also set a longer, alphanumeric passcode that is harder for bad actors to figure out. Device owners should also immediately change the passcode if they believe someone else has seen it.
Setting screen time
Another step one might consider is a hack that isn’t necessarily approved by Apple, but is circulating online. In the iPhone’s Screen Time settings, which allow guardians to set restrictions on how children can use the device, there is an option to set a secondary password that would be required of each user before they can successfully change their Apple ID.
If you enable this, a thief will be prompted for a secondary password before changing the Apple ID password.
Back up your phone regularly
Finally, users can protect themselves by regularly backing up their iPhone via iCloud or iTunes so that data can be recovered if the iPhone is stolen. At the same time, users may consider saving important photos or other sensitive files and data to another cloud service, such as Google Photos, Microsoft OneDrive, Amazon Photos, or Dropbox.
This won’t prevent a bad actor from gaining access to the device, but it should limit some of the fallout should it ever occur.
