Expand / Collapse search

Investigation finds how low-tech trick can help thieves steal your digital life

By
Published  February 27, 2023 6:10pm CST
Consumer
FOX 26 Houston

Thieves targeting iPhone passcodes

FOX 26 Business Reporter Tom Zizka explains what a recent investigative report found and the results are suprising.

HOUSTON - A new report finds a simple feature designed to keep iPhones 'safe' is being used by thieves to steal a victim's entire digital life. The Wall Street Journal looked at a growing string of phone-thefts across the country, including Texas, where thieves are using a low-tech trick to gain control of those phones and everything connected to them.

It often happens in a public place, like a bar. Typically, the thief seems friendly and engaging, or is 'shoulder surfing' to catch a glimpse of the phone's passcode, before finding an opportunity to grab it and go. Armed with that passcode, the phone's owner can be locked-out in minutes.

RELATED: Apple software update released to fix important security issue

Houston tech expert Juan Guevarra Torres agrees with the Journal's findings, "The Apple ID and passcode are probably the two sets of data that contains a wealth of information."

Having the passcode to get into an iPhone allows a knowledgeable thief to quickly change the Apple ID password, force other devices on the account to be signed-off, and turn the 'find my iPhone' feature off. 

Next, all the original access to any iCloud data is changed, so only the thief can get it. Then, they have free access to any passwords, stored there, as well as mobile pay, credit card information and photos. 

RELATED: Apple’s iOS 15.6.1 software update fixes 2 security vulnerabilities

The Journal investigation noted instances of people losing thousands of dollars, before they ever knew their phone was gone. 

"It is important to be cognizant, as a practical matter, that your phone can be compromised," says Guevarra Torres. "The question to you should be, 'What is my scenario if my phone gets compromised; if I lose it; if somebody steals it?"

For it's part, Apple seems to lean toward user-error in the thefts, telling the Wall Street Journal, in part, "We take all attacks on our users very seriously, no matter how rare. We will continue to advance the protections to help keep user accounts secure."

Android phones also use a passcode to gain entry, but the difference, generally, is that it doesn't unlock a cloud-file that holds all your personal information. Still, there remains a vulnerability if someone gets in. 

More than anything, it is an important reminder to use the protections that already exist, like fingerprint or facial recognition to get into the phone, and being careful about how and where you use it in a crowd.