The iPhone Security Problem
Issue 40-Technology
iPhones and Apple products in general are considered to have very good security measures. This is because of Apple's advertisements and also the number of features that they have, for example, the ability to disable tracking. Recently, a new trend of locking owners out of their iCloud accounts has arisen and is becoming a big problem. So in this article, I'm going to explain what happens, what thieves do, and what you can do right now to protect yourself! Make sure to like, share, follow, and check out my LinkedIn page here!
How The Scheme Works
Most of these cases occur at bars or other places where people find themselves distracted and not fully attentive. A thief may watch over your shoulder as you enter the passcode into your phone and jot it down. The thief may try to befriend you by doing something nice, but when you least expect it, they'll grab your iPhone and take off. Now, okay, you just lost your phone. Your first thought may be to borrow someone else's phone to log in to Find My iPhone, but it isn't as simple as that!
How A Thief Locks You Out Of Your Apple Account
After your iPhone is taken, the thief's first steps are to put in the passcode, go to Settings, tap the iCloud name, select "Password & Security", and change the password. Here, the thief can change the password for your entire Apple account, which may hold all your photos, files, messages, contacts, and so much more. The problem is that the iPhone's passcode is the only check before the Apple ID password can be changed. Since the thieves already have the passcode, they can easily change the iCloud password and lock you out of your Apple Account. Now if you try to log in to Find My iPhone, you won't be able to get in, because the thief just locked you out of your Apple Account.
It's even more unlikely that you'll be able to track your phone after the thieves change the Apple ID password, because they can also turn off Find My iPhone tracking. They may also select an option to "sign out of all trusted devices," so that even if you try to use an iPad or Mac to get into your Apple Account, it still won't work. They may also turn on something called a recovery key, which we'll go more in-depth on later in the article.
After locking you out of the Apple Account, the thieves will then try to access banking apps. Most banking apps make you log in every time you open them, for security purposes. However, lots of people have their passwords stored in Apple's built-in password manager, which unfortunately is protected only by biometric authentication or the iPhone passcode, and the thief already has the passcode. They may also try to open credit cards in the victim's name, since they already have the SSN and other details of the person from photos or documents stored on the phone.
The Recovery Key Problem
I mentioned something called a recovery key earlier. This is key to modifying your Apple Account. The thieves use the passcode to turn on the recovery key before they do anything else on the phone, so that the owner can't remotely erase the device or use Find My iPhone. This is an additional barrier to keep you from getting back into your Apple Account. First, they change the main lock, the Apple Account password, which can be changed with the passcode. If they only change the account password, you can still get back in with the "forgot your password" button. You just need to provide some details like your phone number and you should be good. However, the thieves may change the trusted phone number to theirs and then turn on the recovery key, which is a unique 28-character code. This code is then needed to change the Apple Account password. The main flaw here is that even if you had a recovery key turned on before your phone was taken, thieves can create a new one to replace it. Apple did this as a convenience for people who misplace their original code. If you lose this key, you may never be able to get into your iCloud account ever again!
What About Android?
You may be wondering why this is mainly a problem with iPhones. In reality, this problem very well exists on Android too, where the passcode has many of the same functions as on iOS. The reason iPhones are targeted is their resale value. People generally like to think of Android phones as "cheaper", and that's why when you go to a place like Back Market, which specializes in refurbished devices, the resale value of iPhones is much greater than that of a comparable Android.
The Solution
Apple is currently working on improving its security measures for these sorts of attacks. However, until then, here are four things that we can do to keep our Apple Account safe.
- Remove Passwords From iCloud Keychain: As mentioned previously, the thieves use this to access any saved passwords to your accounts. Go to Settings, scroll down to Passwords, and then delete all the ones you have. Try using a different app like Microsoft Authenticator and enable the PIN feature on that. Make sure to set this PIN to something that's not the same as your iPhone passcode.
- Remove Sensitive Information: Remove pictures or documents of your ID or passport so the thieves don't have formal identification of you.
- Change Your Passcode: Make your passcode hard to observe or guess. Try using a 6-digit passcode or an alphanumeric code, which is the better option.
- Prevent Account Modification: Go to Settings, Screen Time, and use the Screen Time passcode. Make sure to set this to something different from your main passcode. After this, go to "Content & Privacy Restrictions", turn on the toggle at the top, then scroll down to the Allow Changes section. Tap "Passcode Changes" and "Account Changes" and make sure to set both to "Don't Allow". This way, a thief can't change the Apple ID password or add a recovery key if your iPhone is stolen.
Thanks for reading this week's article. I hope you learned something new about keeping your iPhone secure and what this problem even is. I'll talk to you next week!
- Luke Rapaka