Criminals Use Apple’s Recovery Key to Lock Users Out of Their Stolen iPhones: Report
Apple’s recovery key feature allows iPhone users to reset their Apple ID password or regain access to their Apple ID account. Now, a Wall Street Journal report shows how cybercriminals and thieves can lock a user out of a stolen iPhone by using Apple’s advanced security setting. With the randomly generated 28-character sequence, a thief can reset the original iPhone owner’s Apple ID password in the Settings app. The criminals can then turn off Find My iPhone on the device to prevent the victim from tracking its location, and erase the data on the phone.
According to the Wall Street Journal report, 46-year-old Greg Frasca lost access to his iPhone 14 Pro, stolen from a bar in Chicago in October. Thieves spotted him entering his passcode at the bar and used it to change Frasca’s Apple ID password after the phone was stolen. They allegedly enabled the recovery key feature and used the 28-character code to block Frasca from tracking the stolen device through Apple’s Find My feature. This prevents the victim from remotely erasing the device via iCloud and accessing files like photos and videos.
Once criminals get access to the stolen iPhone, they can steal money via Apple Pay or other banking and financial apps. They can also gain access to sensitive data on the iPhone including photos, files and emails.
Apple introduced recovery keys in 2020 with the release of iOS 15 to improve the security of Apple accounts. A recovery key can be used to reset the password or regain access to an Apple ID. Once a user generates a recovery key, Apple automatically turns off account recovery. If the user loses the device and recovery key, they could be locked out of their account permanently. The recovery key can be accessed via Settings or System Preferences on a trusted device signed in with your Apple ID.
Apple reportedly responded to the issue, saying it is “always investigating additional protections against emerging threats like this one.” The report quotes an Apple spokesperson as saying, “We sympathize with people who have had this experience and we take all attacks on our users very seriously, no matter how rare. We work tirelessly every day to protect our users’ accounts and data, and are always investigating additional protections against emerging threats like this one.”
The latest incident highlights how important it is to keep your iPhone safe. In public spaces, iPhone users are advised to use Face ID or Touch ID, Apple’s biometric unlocking mechanisms, to unlock their handsets. Users are also advised to protect their devices with complex passwords that combine numbers and letters.