
1) Criminals work in groups to steal iPhones. One person will watch you or take a video of you entering your passcode, another person will snatch the phone from you.

2) Within 3 minutes, the criminals will use the phone passcode to reset your Apple ID password, change the trusted phone number of your Apple ID, and set a recovery key.

3) Now they can deactivate "Find my iPhone"

4) And they can log out all your other devices, lock them, or even erase them remotely

5) Now you have no way to access your iCloud account, and the thieves have completely taken over your digital identity

6) Using passwords saved on the phone, and with SMS 2FA, they can now transfer money from all your accounts

7) Using other data stored on your phone (e.g., in photos), they can apply for Apple Credit Card and use that to steal more money from you

Joanna Stern recommends these steps:

1) Use a complex passcode

2) Use a 3rd party password manager with a different passcode

3) Check your photos to make sure there are no photos of sensitive documents



So the 6 digit iPhone passcode overrides the iCloud master password? That's insane.


Yeah I don't understand why Apple would even know my iPhone passcode.

I always assumed it stayed on the device.


It does stay on the device; the iPhone passcode is entered and authenticated locally, then the iPhone authorizes the AppleID password change since you're "authentic."



