A concerning trend is on the rise among iPhone thieves, where they exploit a security setting called the recovery key, making it nearly impossible for owners to access their own device, including their photos, messages, and data. This method has caused some victims to lose access to their financial apps, and their bank accounts have been drained.
The method requires a thief to watch an iPhone user enter the device’s passcode or manipulate the device owner into sharing it, all before physically stealing the device. Once the thief has the passcode, they can change the device’s Apple ID, turn off “Find my iPhone” to avoid being tracked, and reset the recovery key, a complex 28-digit code designed to protect the owner from online hackers.
Apple requires the recovery key to reset or regain access to an Apple ID, but if a thief changes it, the original owner will not have the new code and will be locked out of their account. This scenario has prompted concerns from users and analysts, who believe that Apple should offer more customer support options and ways for users to authenticate so they can reset these settings.
While Apple is working on additional protections, users can take steps to potentially protect themselves from this situation. The first step is protecting the passcode by using Face ID or Touch ID when unlocking the phone in public to avoid revealing it to anyone watching. Users can also set up a longer, alphanumeric passcode that is harder to guess and change it immediately if they suspect someone has seen it.
Another step is to enable a secondary password within the Screen Time setting. This hack is not necessarily endorsed by Apple, but it allows guardians to set up restrictions on how kids can use the device. By enabling this, a thief would be prompted for that secondary password before changing an Apple ID password.
Lastly, users can protect themselves by regularly backing up their iPhone via iCloud or iTunes, allowing data to be recovered in the event the phone is stolen. They may also want to consider storing important photos or sensitive files and data in another cloud service, such as Google Photos, Microsoft OneDrive, or Dropbox.
While these steps may not completely prevent a bad actor from gaining access to an iPhone, they can limit some of the fallout if it ever happens. As technology continues to evolve, users must remain vigilant in protecting their devices and data.