Wired
>
Apple ID is associated with a lot of important information and accounts, and the mobile phone number is equal to the “identity card”, which can be used to reset the password.Both are lost together with serious consequences
Sina Digital News on the morning of July 8, a report in the Brazilian newspaper Folha de S. Paulo last month mentioned that criminals stole iPhones locally in order to gain access to the owner’s bank account, not just resell these phones. Now, the police seem to have finally figured out how they obtained access to the bank account. The process is so simple.
Sao Paulo police arrested a gang specializing in the theft of smartphones, and criminals confessed how they hacked Apple devices.
At first, people thought that thieves used some loopholes or other advanced methods (such as professional tools such as Cellebrite) to unlock the stolen iPhone, but the whole process is actually much simpler than this. The police chief revealed that criminals only need one tool to access all the data on the device: the SIM card in the iPhone.
The thief removed the SIM card from the stolen iPhone and put it in another mobile phone. By logging into social networks such as Facebook and Instagram through their phone number, they can easily find the email address used by the stolen phone. In most cases, users will also use this common email as their Apple ID. All they need to do is reset the Apple ID password with the owner’s phone number.
The police said that people’s awareness of prevention is actually very weak. The easiest way for criminals to find the password is to check the iPhone memo, where many users store bank and credit card passwords. In addition, by accessing the iCloud account, they can also easily get all the passwords from the iCloud keychain.
When they download data from the cloud to a new device, they search for information associated with the word “password”, and according to them, they usually get the information they need to access the victim’s bank account. After obtaining this information, they returned the SIM card to the victim’s mobile phone and handed the device to the gang member responsible for the theft of the bank account.
One of the arrested suspects is a 22-year-old computer technician who told the police that they instructed criminals to obtain passwords from stolen smartphones. The Sao Paulo police have arrested 12 people and have identified another 28 criminals suspected of stealing smartphones. However, the police do not rule out the possibility that some gangs can use more sophisticated tools to unlock the victim’s iPhone.
After Folha de S. Paulo reported, Apple promised to Brazilian media that they would make it easier for users to delete all data from stolen iPhones. However, the company did not elaborate on the specific content that will be implemented.
In iOS 15, users will eventually be able to use the “Find My” app to track a powered off iPhone.
Of course, the best practice for protecting accounts is not to store passwords in memos or other non-secure applications. Another good option is to use an eSIM virtual card instead of a physical SIM card, because eSIM cards cannot be easily transferred to other devices.
Earlier, there was also an article in China that mentioned in detail that criminals used their mobile phone number to reset the account password and enter the bank account after stealing the mobile phone. In the information age, mobile phone numbers are basically equivalent to the role of ID cards, and many passwords can be reset by accepting verification codes.