Criminals target local iPhone users to take over their digital identities
Apple iPhones are a high-value target for criminals, but protections implemented by Apple make it nearly impossible to sell stolen iPhones that are locked.
A new threat has emerged that is exploiting a vulnerability in the iPhone design. First reported by the Wall Street Journal, it is a local attack that focuses on biometric or passcode access to the device.
In one attack, the thieves observe the victim to spot the passcode that is entered to unlock their Apple device. The iPhone is then snatched and the thieves take off. Within minutes, according to the Wall Street Journal article, they have accessed the iPhone using the passcode and changed the Apple ID password.
With control of the Apple ID, they disable the find my device feature, so that the victims can't locate their device anymore. Additionally, they gain access to passwords stored in iCloud Keychain, make purchases using Apple Pay, and scan documents and photos for Social Security numbers, credit card or bank account information. They may even sell the device after wiping it.
Financial theft may include using Apple Pay, but also draining bank accounts linked to phone apps or transferring money from money-sending apps like PayPal.
The original owner of the device is locked out completely at this point, with no option left to regain access to their digital life or the stolen iPhone.
The Wall Street Journal reports that hundreds of these crimes have been reported in New York alone.
Over-the-shoulder attacks are not a new technique. They have been used in the past for other criminal activity, for example, to observe the PIN that bank customers enter when using ATMs.
The passcode attack may be the most common form used by criminals, but reports suggest that some attackers drug iPhone owners to gain access to their devices using biometrics.
Modern smartphones support several unlock options. Passcodes are common, but smartphone owners may also use biometrics to unlock their device. Common options include using their fingerprint, which Apple calls Touch ID, or facial recognition, which Apple calls Face ID.
Instead of using over-the-shoulder attacks to take note of the passcode and then grab the iPhone, these attackers appear to drug their victim to gain access to their fingerprint or face to unlock the iPhone.
Everything else after that is identical to the passcode method. Victims lose access to find my device and their Apple account, which effectively locks them out of their device.
Some iPhone owners stated that they were "physically assaulted and intimidated" into handing over their phones and passcodes.
The Wall Street Journal interviewed several victims, and all stated that attacks happened when "they were out at night socializing".
What attackers can do with just the iPhone and passcode
- Change the Apple ID password.
- Turn off Find my Phone.
- Force sign-out of trusted devices.
- Turn on recovery key.
- Remove recovery contact.
- Change trusted phone.
- Change email address.
The Wall Street Journal published a video about the passcode problem on Apple iPhones.
Apple iPhone owners are high-value targets. They have a few options to improve security. One of them is to enable the recovery key, so that access to the account can be regained should the phone be stolen. Another is to avoid using the iPhone in public places.