Tech giant and iPhone maker Apple Inc. responded to a report published Friday that detailed how scammers and criminals are spying on iPhone users’ passcodes before stealing their device and gaining access, stealing thousands of dollars in the process.
Every one of the victims interviewed by the Wall Street Journal, for its front page article titled “A Basic iPhone Feature Helps Criminals Steal Your Entire Digital Life,” said their iPhones were stolen while they were at public places at night or in bars. At least one said they were drugged before their device was stolen and unlocked, others said their iPhones were grabbed from their hands by a person they had just met, some said they were assaulted, and some described other scenarios, according to the paper.
But all the victims told the paper they were locked out of their Apple accounts after their devices were stolen, and many discovered they were victims of financial thefts. Elaborating, some said their bank accounts were drained, had significant Apple Pay charges, or that the thieves made unauthorized payments via Venmo or similar apps.
It noted that if a thief can get a user’s passcode, they can reset the victim’s Apple ID password via the phone’s Settings, including whether Touch ID or Face ID are enabled. The thief can also turn off the phone’s Find My iPhone setting, meaning the user won’t be able to find their device.
“We sympathize with users who have had this experience and we take all attacks on our users very seriously, no matter how rare,” the spokesperson said. “We will continue to advance the protections to help keep user accounts secure.” Apple did not provide any specific details about any next steps it might take to increase security.
And to protect a bank account, the article says users should consider storing their password in a password manager that doesn’t involve the passcode of the device.
Meanwhile, some payment apps like Venmo, Cash App, and PayPal allow users to add a password to access the app, which will prevent would-be thieves from making unauthorized payments.
It also recommends that if an iPhone user believes their phone is stolen, they should attempt to log into their iCloud.com account or Apple account from another device. Users can use the Find Devices section to remotely wipe the phone’s hard drive. It recommends that users should contact the cellular carrier to deactivate the iPhone’s SIM card.
Law enforcement officials told the WSJ that Google devices are also targeted by thieves but noted iPhones have a higher resale value.
“Our sign-in and account-recovery policies try to strike a balance between allowing legitimate users to retain access to their accounts in real-world scenarios and keeping the bad actors out,” a Google spokesman told the outlet.
The Epoch Times has contacted Apple for comment.