Apple reacts to thieves who spy on iPhone codes to recover data
A survey of wall street journal reveals that some thieves about to steal iPhones take it upon themselves to stay close to the victims before taking action, hoping that they will unlock their phone with the code. Thus, thieves will be able to use the code to access the content and not have a locked iPhone in their hands.
Pay attention to the code of your iPhone
All of the victims interviewed said their iPhones were stolen while they were in bars or other public places at night. Some victims said strangers snatched the iPhones from their hands, while others said they were physically attacked and intimidated.
Having the code unlocks the iPhone and gives you access to everything on it. It also allows thieves to reset the password of the configured Apple account. Later, the thief can turn off Find My on the device, preventing the iPhone owner from tracking their location or wiping the device remotely via iCloud. The thief can also remove other trusted Apple devices from the account to further lock the victim out.
It doesn’t stop there, since the thief can also change the details of an Apple ID and set up a recovery key to prevent a victim from recovering the account.
Apple responded to this case through a spokesperson:
Security researchers agree that the iPhone is the most secure consumer mobile device and we work tirelessly every day to protect all of our users against new and emerging threats. We sympathize with users who have had this experience and take all attacks on our users, no matter how rare, very seriously. We will continue to advance protections to keep user accounts secure.
How to be more secure?
A trick may be to use an alphanumeric code rather than 4 or 6 digits. Thieves might find it a little harder to spy on the full alphanumeric code. To do this, go to Settings > Face ID and code > Change code, enter your current code, then tap the “Code option” option and select “Personal alphanumeric code”.
Also, it may be advisable to use Face ID or Touch ID as a priority, and limit the use of the code outdoors. Regarding passwords, it is preferable not to store them in plain text. The best is to use a password manager like 1Password, Bitwarden or another.