An increasingly prevalent method used by iPhone thieves to seize control of users’ devices and permanently restrict access to their own data has been detected.
Reports indicate that certain iPhone thieves are exploiting a security feature known as the recovery key, rendering it exceedingly challenging for rightful owners to retrieve their photos, messages, and other critical data. Some victims disclosed that their financial accounts were drained after the thieves gained access to their financial applications.
For iPhone users, it is important to acknowledge that executing this form of takeover is no simple feat. It demands that a criminal either closely monitors an iPhone user as they input the passcode – such as by observing them in public venues like bars or sporting events – or manipulates the device’s owner into divulging their passcode, all prior to physically pilfering the device.

With the passcode and the device in hand, a thief could then alter the device’s Apple ID, deactivate the “Find my iPhone” service to evade location tracking, and reset the recovery key, a convoluted 28-digit code designed to safeguard users from online hackers.
To fortify user security, Apple requires this key when resetting or regaining access to an Apple ID. However, if a thief alters it, the original owner will lack the new code and consequently be locked out of the account.
An Apple spokesperson said that “we sympathise with individuals who have undergone this ordeal, and we treat all assaults on our users with utmost seriousness, irrespective of their rarity. We tirelessly endeavor each day to safeguard our users’ accounts and data, perpetually exploring additional safeguards against emerging threats like this one.”
Apple cautions iPhone users in a statement on its website that “you’re accountable for maintaining access to your trusted devices and your recovery key. If you misplace both these items, you risk being permanently locked out of your account.”
Nevertheless, for the time being, there exist several measures users can adopt to potentially shield themselves from falling victim to such incidents.

Strategies to Defend Against iPhone Thieves’ Ploy of Device Lockout
- Safeguard the Passcode: Begin by fortifying the passcode. According to an Apple spokesperson, individuals can employ Face ID or Touch ID when unlocking their phones in public to prevent unauthorized individuals from glimpsing their passcode. Users can also opt for a longer, alphanumeric passcode that’s more challenging for malicious actors to decipher. Moreover, device owners should promptly change the passcode if they suspect it has been compromised.
- Screen Time Settings: Another precautionary measure involves using a method not explicitly endorsed by Apple but one that has been circulating online. Within an iPhone’s Screen Time settings, which permit guardians to establish restrictions on the device’s usage, there exists an option to configure a secondary password. This secondary password would be required of any user before they could alter an Apple ID. With this feature activated, a thief would be prompted for the secondary password before changing the Apple ID password.
- Regular Phone Backups: Lastly, users can shield themselves by routinely backing up their iPhones – whether via iCloud or iTunes – to facilitate data recovery in the event of theft. Simultaneously, users might consider storing crucial photos or sensitive data in an alternative cloud service, such as Google Photos, Microsoft OneDrive, Amazon Photos, or Dropbox. While this may not prevent a malicious actor from accessing the device, it can mitigate some of the ramifications if such an event were to occur.