Apple’s iPhones are currently considered one of the safest mobile phones out there. Face ID, the primary means of logging into modern iPhones, uses the TrueDepth camera and machine learning for secure authentication.
But are iPhones really that safe, especially when they are stolen? A recent report suggests otherwise. However, there are a few steps you can take to help reduce the chances of your data being compromised in the case of a stolen iPhone.
Thieves May Be Spying on Your iPhone
According to a Wall Street Journal report, a handful of iPhone thefts were preceded by criminals spying on iPhone users, especially while they were using their devices. The thieves either befriended the target at bars and asked them to open an app such as Snapchat on their iPhone, attempting to observe their password as it’s being entered. Other thieves would discreetly video the user as they entered their passcode.
Once the iPhone’s passcode had been compromised, the thieves stole the devices and used the password to unlock them and access user data. In one user’s case, this also resulted in $10,000 being transferred from her bank accounts.
It is very easy for a criminal to reset your Apple ID password and disable Face ID or Touch ID if they know your device’s password. Similarly, they can disable Find My iPhone, preventing you from tracking your device or remotely erasing it via iCloud. Some thieves could also access passwords saved in iCloud Keychain, which led to access to banking apps.
What’s even more concerning is that knowing your iPhone’s passcode allows a thief to access Apple Pay and make payments using your stored cards. Although Apple Pay defaults to Face ID or Touch ID authentication, thieves can bypass it by typing the iPhone’s passcode.
How Apple Plans to Protect Its Users
Apple hasn’t publicly responded to the report yet; however, Joanna Stern (author of the WSJ report) has tweeted Apple’s response on the matter:
Knowing someone’s passcode gives criminals full access to an iPhone. In addition to bypassing Face ID, they can change Apple ID contact information, turn off Find My iPhone, and set up recovery keys. Currently, Apple’s policies don’t allow users to regain access to their accounts if they’ve set up an Apple recovery key but can’t produce it when needed.
Hopefully, Apple will add further protection to its devices in the future. Steps Apple can take include enabling two-factor authentication to change an iPhone passcode. Similarly, another solution may be a redundancy method to access your Apple account using a backup password if your original account has been compromised.
What Can You Do to Protect Your iPhone?
Although we believe these types of thefts are rare occurrences, it’s still a possibility, and it’s better to protect yourself again them. The first step to protect yourself is to set up and use Face ID or Touch ID whenever possible, as this is the most secure way to access your iPhone.
Alternatively, you can switch to an alphanumeric passcode that’s harder to decipher when being entered. If you do have to enter your passcode in public, try to hide the screen or cover it with your other hand, similar to entering your pin at an ATM. Also, make sure you’ve set up an account recovery contact for your Apple ID, which will help you use recovery keys in case of a compromised Apple ID.
Watch Out While Using Your iPhone in Public
An iPhone being stolen is a person’s worst nightmare, but having all your data compromised and being at the risk of losing your money is way worse. This is why we recommend watching out while using your phone in public and keeping it away from prying eyes. This is even more important in high-risk areas like bars, metros, etc.
Using biometric authentication like Face ID and Touch ID as your primary means of unlocking your iPhone also helps. And if your iPhone forces you to enter your passcode to open it, always remember to hide your device or cover your screen for added protection.