A concerning method of iPhone theft is on the rise, targeting users’ devices and permanently locking them out. According to a recent Wall Street Journal report, some thieves are exploiting a security setting called the recovery key, making it nearly impossible for owners to access their photos, messages, data, and more. Alarmingly, some victims also reported drained bank accounts after thieves accessed their financial apps.
While this type of takeover is difficult to execute, it underscores the importance of vigilance. Thieves often watch an iPhone user enter their passcode—perhaps by looking over their shoulder at a bar or sporting event—or manipulate the device’s owner into sharing their passcode. Once they physically steal the device, they use the passcode to change the device’s Apple ID, disable “Find my iPhone” to avoid tracking, and reset the recovery key, a complex 28-digit code meant to safeguard against online hackers.
Apple requires this key for resetting or regaining access to an Apple ID, enhancing user security. However, if a thief changes it, the original owner will not have the new code and will be locked out of their account.
“We sympathize with people who have had this experience and we take all attacks on our users very seriously, no matter how rare,” an Apple spokesperson told CNN. “We work tirelessly every day to protect our users’ accounts and data, and are always investigating additional protections against emerging threats like this one.”
Apple warns on its website, “You’re responsible for maintaining access to your trusted devices and your recovery key. If you lose both of these items, you could be locked out of your account permanently.” Jeff Pollard, VP and principal analyst at Forrester Research, suggests Apple should offer more customer support options and additional ways for users to authenticate and reset these settings.
Steps to protect your iPhone
Although this method of theft is challenging to execute, users can take several steps to protect themselves:
1. Protect the passcode
Using Face ID or Touch ID in public can help avoid revealing your passcode to potential thieves. Additionally, setting up a longer, alphanumeric passcode makes it harder for bad actors to figure out. If you believe someone has seen your passcode, change it immediately.
2. Utilize screen time settings
A hack circulating online, though not officially endorsed by Apple, involves using the Screen Time setting to set up a secondary password. This additional password would be required before any changes to the Apple ID could be made, adding an extra layer of security.
3. Regularly back up your phone
Regular backups via iCloud or iTunes ensure data recovery if your iPhone is stolen. Additionally, storing important photos and sensitive files in other cloud services like Google Photos, Microsoft OneDrive, Amazon Photos, or Dropbox can help limit the damage.
While these steps won’t prevent a thief from accessing your device, they can help mitigate some of the potential fallout. Being proactive about iPhone security can provide peace of mind and protect your valuable data.
