During a recent investigation, it was discovered that a thief named Aaron Johnson had revealed the methods he used to steal over £230,000 from unsuspecting iPhone owners. Unlike the security tool, Johnson was able to manipulate it to his advantage. Instead of relying on brute force or hacking techniques, he employed more deceptive tactics.
Johnson’s modus operandi involved visiting local bars and befriending young individuals, particularly those with expensive iPhone models. He would initiate conversations and gain their trust before temporarily taking their phones. While using the devices, he discreetly observed them entering their passcodes. Once he had memorized the codes, he would log into the phones and change the passwords, effectively blocking the owners from accessing their Apple IDs.
To further secure his access, Johnson registered his face in the Face ID function of the devices, granting him the ability to bypass the biometric security of the phones. This allowed him access to the password vault, where login information for banking applications was stored. Johnson and his accomplices would then fraudulently withdraw thousands of dollars from the victims’ accounts, often before the owners realized their phones had been stolen.
The security loophole exploited by Johnson prompted Apple to introduce a new setting called “Device Theft Protection.” This feature prevents cybercriminals from blocking iPhone users’ access to their Apple accounts or gaining access to stored passwords. By utilizing this newfound awareness, users can now protect themselves from similar incidents by enabling Device Theft Protection.
Johnson targeted more vulnerable individuals, such as intoxicated students with expensive iPhone models. He would approach them, offering drugs or pretending to be a rapper, creating an opportunity for conversation and eventually persuading them to reveal their passwords.
Once in control of the devices, Johnson wasted no time in transferring large sums of money from the victims’ accounts using mobile payment services like Venmo, Zelle, and Coinbase. The next day, he would make extravagant purchases using Apple Pay, including additional Apple products.
To dispose of the stolen phones, Johnson would sell them to a contact known as “Brandon Su” or the “Man with the iPhone.” Su allegedly exported the devices abroad, including to Hong Kong.
Apple responded to this criminal activity by introducing Device Theft Protection in the latest iOS system update. This feature relies on user biometric data and device location to deter thieves from blocking the device owner. If an unfamiliar location is detected, the device will require the use of Apple’s Face ID or Touch ID technology to unlock. Three protective features are activated upon enabling Device Theft Protection, ensuring that any unauthorized attempts to change passwords or access personal information are thwarted.
The implementation of these additional security measures by Apple aims to safeguard the data of its users and prevent future occurrences like Johnson’s criminal activities.
FAQ
How did the thief manipulate iPhone security?
The thief, Aaron Johnson, would establish relationships with iPhone owners in bars and, taking advantage of their trust, temporarily take their phones. He would discreetly observe them entering their passcodes and then log into their devices and change the passwords, blocking the owners.
How did Apple respond to this criminal activity?
Apple introduced a new feature called “Device Theft Protection” that prevents users’ access to their Apple accounts from being blocked or unauthorized access to stored passwords. This feature relies on user biometric data and device location.
Definitions
– Face ID: Facial recognition technology used in Apple’s iPhones that allows users to unlock their devices using their face.
– Device Theft Protection: A feature introduced by Apple that prevents cybercriminals from blocking iPhone users’ access to their Apple accounts or gaining access to stored passwords.
Source: www.apple.com
The source of the article is from the blog trebujena.net