(CNN) — A complex but disturbing method to take control of a user’s iPhone and permanently lock the device appears to be on the rise.
According to a recent report by the Wall Street Journal, some iPhone thieves take advantage of a security system called a recovery key that makes it nearly impossible for owners to access their photos, messages, data, and more. Some victims also They said to the publication that their bank accounts were emptied after thieves accessed their financial applications.
However, it should be noted that this type of attack is difficult to execute. A criminal may need to see an iPhone user enter the device’s password — for example, by looking over their shoulder at a bar or sporting event — or manipulate the device’s owner into sharing the password. And all this before physically stealing the device.
From there, a thief can use the code to change the device’s Apple ID, disable Find My iPhone so it can’t be located, and then reset the recovery key, a complex 28-digit code designed to protect their owners. Online hackers.
Apple requires this key to recover or gain access to an Apple ID in an effort to strengthen user security, but if a thief changes it, the original owner won’t have the new code and the account won’t be locked.
“We empathize with people who have had this experience, and we take all attacks on our users seriously, no matter how rare,” an Apple spokesperson said in a statement to CNN. “We work tirelessly every day to protect our users’ accounts and data, and are always exploring additional protections against emerging threats like this one.”
On its website, Apple warns “You are responsible for maintaining access to your trusted devices and your recovery key. If you lose both, you will be permanently locked out of your account.”
Jeff Pollard, vice president and principal analyst at Forrester Research, said the company should provide more customer support options and “recognize ways to allow Apple users to reset these settings.”
For now, there are some steps users can take to protect themselves from this happening to them.
Protect the access code
The first step is to secure the access code.
An Apple spokesperson told CNN that people can use Face ID or Touch ID when they unlock their phone in public to avoid giving out their passcode to anyone watching.
Users can set a long alphanumeric code, making it more difficult for criminals. Device owners should also change the passcode immediately if they think someone has seen it.
Screen time settings
Another step that someone might consider is that the hack is not necessarily approved by Apple, but is one that is circulating on the Internet. Within the iPhone’s Screen Time settings, allowing guardians to set restrictions on how children can use the device, there’s an option to set a secondary password that any user needs before successfully changing the password. Apple ID.
If you enable this option, the thief must enter a second password before changing the Apple ID password.
Back up your phone regularly
Finally, users can protect themselves by making regular backups of their iPhone (via iCloud or iTunes) so they can recover data if it’s stolen. At the same time, users may want to consider storing important photos or other important files and data on another cloud service, such as Google Photos, Microsoft OneDrive, Amazon Photos, or Dropbox.
This won’t prevent a thief from accessing the device, but will somewhat limit the consequences if it does happen.