iPhone thieves use low-tech methods to steal users passcodes and bank accounts
“Shoulder surfers” – people peering at your device’s display over your shoulder unbidden or, worse, criminals even being given the password by users in bars who’ve had too much to drink – are a real problem that leads to hacking, stolen information, and even identity theft. Privacy champion Apple is addressing this low tech security vulnerability. A new iOS setting, coming early next year in iOS 17.3, called Stolen Device Protection is designed to defend against shoulder surfers.
Aaron Johnson, currently serving several years in the Minnesota Correctional Facility, explained the intricacies of crime to The Wall Street Journal.
Joanna Stern for The Wall Street Journal:
Johnson, along with a crew of others, operated in Minneapolis for at least a year during 2021 and 2022. In and around bars at night, he would befriend young people, slyly learn their passcodes and take their phones. Using that code, he’d lock victims out of their Apple accounts and loot thousands of dollars from their bank apps. Finally, he’d sell the phones themselves.
Pinpoint the victim. Bars became his ideal location. College-age men became his ideal target. “They’re already drunk and don’t know what’s going on for real,” Johnson said. Women, he said, tended to be more guarded and alert to suspicious behavior.
Get the passcode. Friendly and energetic, that’s how victims described Johnson… After talking for a bit, they would hand over the phone to Johnson, thinking he’d just input his info and hand it right back. “I say, ‘Hey, your phone is locked. What’s the passcode?’ They say, ‘2-3-4-5-6,’ or something. And then I just remember it,” Johnson described. Sometimes he would record people typing their passcodes.
Lock them out—fast. Within minutes of taking the iPhones, Johnson was in the Settings menu, changing the Apple ID password. He’d then use the new password to turn off Find My iPhone so victims couldn’t log in on some other phone or computer to remotely locate—and even erase—the stolen device.
Take the money. Johnson said he would then enroll his face in Face ID because “when you got your face on there, you got the key to everything.”
Sell the phones. Finally, he’d erase the phone and sell it to Zhongshuang “Brandon” Su who, according to his arrest warrant, sold them overseas.
MacDailyNews Take: “Don’t give your passcode to anyone you’ve just met in a bar” seems like apt – and blatantly obvious – advice to anyone who’d interested in retaining their bank accounts, identity, etc. For those who can’t manage that, Apple’s new “Stolen Device Protection” feature is coming soon (it’s already here in beta; more info here).
Please help support MacDailyNews. Click or tap here to support our independent tech blog. Thank you!
Support MacDailyNews at no extra cost to you by using this link to shop at Amazon.
The post iPhone thieves use low-tech methods to steal users passcodes and bank accounts appeared first on MacDailyNews.