How do crooks manage to take over users’ digital lives using just their iPhone PIN? The criminals behind the security gap, which has existed for several years and will soon be mitigated by Apple with new anti-theft functions, have so far always remained in the dark. The Wall Street Journal has now succeeded with one to speak to convicted iPhone thief, who claims to have ripped off more than a million US dollars in this way. As it turns out: the level of professionalism is high.
Advertisement
Social engineering or video
26-year-old Aaron J. has already been convicted and is serving several years in prison in Minnesota. According to his own statements, he managed to steal and sell iPhones and iPads worth $20,000 on a good weekend. But that wasn’t all: He tried to take over the digital lives of each of those stolen – including plundering their accounts. The problem: With the iPhone PIN, all options were open to him.
He (also) got the PIN through social engineering: If he didn’t watch other people enter the PIN and/or record it on video, he asked them if he, as an aspiring rapper, would like to join them as a Snapchat contact could enter. “After a brief conversation, they handed the phone to Johnson, thinking he would enter his information and give it right back,” writes the Wall Street Journal. “I then say, Hey, your phone is locked. What’s the passcode?” The victims then gave it to him and J. disappeared with the iPhone.
iCloud password changed in minutes
He then changed the iCloud password within minutes – which is still only possible with an iPhone PIN without knowing the old password. He then used the password to turn off the Find My feature to stop possible tracking or remote wiping. Finally, he also changed the Face ID face using the iPhone PIN or added another one. This then gave him access to protected banking apps, Paypal, etc., which he used to get money. Thanks to Face ID, he was also able to use Apple Pay cards stored on the device and then use them to shop in luxury stores. He particularly enjoyed purchasing additional Apple products in order to then sell them.
J. then also made money with the stolen iPhone: He deleted the device and was able to sell it as used goods to a fence who then sold it in Asia. J. was finally discovered through the fence, who only had to go to prison for 120 days. Regarding Apple’s new security features, J. said there will certainly be new “tricks” to take over Apple devices later. The iPhone 15 Pro Max, Apple’s most expensive iPhone, is particularly popular as stolen goods. By the way, J. rarely stole Android models.
(bsc)