A troubling method of gaining control over an iPhone and permanently locking out its owner is reportedly on the rise.
According to a recent Wall Street Journal report, some iPhone thieves are exploiting a security setting called the recovery key. Once abused, the setting makes it nearly impossible for owners to access their photos, messages, data, and more. Some victims have even reported their bank accounts being drained after thieves accessed their financial apps.
However, this type of takeover is difficult to execute. It requires a criminal to watch an iPhone user enter their passcode or manipulate the owner into sharing it before stealing the device.
Once the thief has the passcode, they can change the device’s Apple ID, disable “Find My iPhone” to avoid tracking, and reset the recovery key, a complex 28-digit code designed to protect users from online hackers.
Apple requires this key to reset or regain access to an Apple ID, enhancing user security. But if a thief changes it, the original owner won’t have the new code and will be locked out of their account.
“We sympathize with people who have had this experience and we take all attacks on our users very seriously, no matter how rare,” an Apple spokesperson told CNN. “We work tirelessly every day to protect our users’ accounts and data and are always investigating additional protections against emerging threats like this one.”
On its website, Apple warns, “You’re responsible for maintaining access to your trusted devices and your recovery key. If you lose both of these items, you could be locked out of your account permanently.”
Jeff Pollard, VP and principal analyst at Forrester Research, suggested the company should offer more customer support options and ways for users to authenticate so they can reset these settings.
In the meantime, here are steps users can take to protect themselves:
Protect Your Passcode
- Use Face ID or Touch ID in public to avoid revealing your passcode.
- Set up a longer, alphanumeric passcode that’s harder to guess.
- Change your passcode immediately if you believe someone has seen it.
Screen Time Settings
Consider enabling a secondary password within the Screen Time settings. With it enabled, the phone prompts for the secondary password before any changes to the Apple ID can be made.
Regular Backups
Regularly back up your iPhone via iCloud or iTunes. Consider storing important photos and data in another cloud service like Google Photos, Microsoft OneDrive, Amazon Photos, or Dropbox. Backups won’t prevent a thief from accessing your device, but they will help mitigate the damage if it happens.