The password that allows iPhone owners to access their handsets is now making it simple for criminals to steal users' personal information and financial data while they are out in public.
The Wall Street Journal reports that criminals use a remarkable low-tech approach to see iPhone users tapping their passcodes before making off with the devices and the victims' digital belongings.
After having her iPhone 13 Pro Max stolen from a bar in Midtown Manhattan, a senior economist at a workforce intelligence firm lost all of her images, contacts, and notes in less than 24 hours.
"With only the iPhone and its passcode, an interloper can within seconds change the password associated with the iPhone owner's Apple ID," said the report.
If this happens, the victim will lose access to their iCloud account, as well as anything else they have stored there.
"The thief can also often loot the phone's financial apps since the passcode can unlock access to all the device's stored passwords," it added.
When the new password has been set, the programme may be configured to sign out the victim's Apple account from any other computer or mobile device using the same Apple ID.
When creating a new password with Apple applications, the previous password is never requested.
The new passcode will allow the thief to deactivate Find My iPhone. To make matters worse, turning off Find My iPhone lets the burglar sell the device again.
"We sympathise with users who have had this experience and we take all attacks on our users very seriously, no matter how rare," the spokesperson was quoted as saying.
"We will continue to advance the protections to help keep user accounts secure." Nearly all of the victims had their iPhones stolen while they were out at night socialising at public places, pubs and bars.
Apple accounts were locked in all cases for iPhone owners.
"They then discovered thousands of dollars in financial thefts, including some combination of Apple Pay charges, drained bank accounts linked to phone apps and money taken from PayPal's Venmo and other money-sending apps," the report elaborated.
Also, READ: Nothing, Oppo, Vivo, Xiaomi and others to get Snapdragon satellite technology soon
Although the same flaw exists in Google's Android mobile operating system, iPhones are "a considerably more prevalent target" due to their "greater resale value."
"Our sign-in and account-recovery policies try to strike a balance between allowing legitimate users to retain access to their accounts in real-world scenarios and keeping the bad actors out," a Google spokesperson was quoted as saying.
In order to keep your Apple ID safe, Apple has announced the option to employ hardware security keys, essentially little USB dongles.
(With inputs from IANS)
