Readers like you help support MUO. If you make a purchase through links on our site, we may receive an affiliate commission. Continue reading.
Apple’s iPhones are currently considered to be one of the safest mobile phones around. Face ID, the primary means of signing in on modern iPhones, uses the TrueDepth camera and machine learning for secure authentication.
But are iPhones really that safe, especially when stolen? A recent report suggests otherwise. However, there are some steps you can take to reduce the chances of your data being compromised in the event of a stolen iPhone.
Thieves could spy on your iPhone
according to a Wall Street Journal report, a handful of iPhone thefts were preceded by criminals spying on iPhone users, particularly while they were using their devices. The thieves either befriended the target in bars and prompted them to open an app like Snapchat on their iPhone to try and observe their password as they typed it. Other thieves discreetly filmed the user entering their passcode.
Once the iPhone’s passcode was compromised, the thieves stole the devices and used the passcode to unlock them and access user data. In the case of one user, this also resulted in $10,000 being transferred from her bank account.
It’s very easy for criminals to reset your Apple ID password and disable Face ID or Touch ID if they know your device’s password. Likewise, they can turn off Find My iPhone so you can’t track your device or remotely erase it via iCloud. Some thieves were also able to access passwords stored in iCloud Keychain, leading to access to banking apps.
Even more worryingly, knowing your iPhone’s passcode could allow a thief to access Apple Pay and make payments using your saved cards. Although Apple Pay authenticates with Face ID or Touch ID by default, thieves can bypass them by entering the iPhone’s passcode.
How Apple intends to protect its users
Apple has not yet publicly responded to the report; However, Joanna Stern (author of the WSJ report) tweeted Apple’s response on the matter:
Knowing someone’s passcode gives criminals full access to an iPhone. Not only can you bypass Face ID, you can also change Apple ID contact information, turn off Find My iPhone, and set up recovery keys. Currently, Apple’s policies do not allow users to regain access to their accounts if they have set up an Apple recovery key but are unable to present it when required.
Hopefully Apple will add more protection to their devices in the future. Among the steps Apple can take is enabling two-factor authentication to change an iPhone passcode. Likewise, another solution can be a redundancy method to access your Apple account with a backup password if your original account has been compromised.
What can you do to protect your iPhone?
Although we believe that these types of thefts are rare, it is still possible and it is better to protect yourself from it. The first step to protecting yourself is to set up and use Face ID or Touch ID whenever possible as it is the most secure way to access your iPhone.
Alternatively, you can switch to an alphanumeric passcode, which is harder to decipher when you type it. If you need to enter your passcode in public, try blanking the screen or covering it with your other hand, similar to entering your PIN at an ATM. Also, make sure you have set up an account recovery contact for your Apple ID, which will help you use recovery keys in case of a compromised Apple ID.
Be careful when using your iPhone in public
A stolen iPhone is a person’s worst nightmare, but when all your data is compromised and there is a risk of losing your money, it’s a lot worse. For this reason, we recommend being careful when using your phone in public and keeping it away from prying eyes. This is even more important in high risk areas like bars, subways, etc.
Using biometric authentication like Face ID and Touch ID as the primary means of unlocking your iPhone also helps. And if your iPhone forces you to enter your passcode to open it, always remember to hide your device or cover your screen for extra protection.
This article was previously published on Source link