If you own an iPhone, people like Aaron Johnson are your worst nightmare.
Recently, we learned from foreign media the story of an Apple mobile phone thief. In an interview with the Wall Street Journal from behind bars, Johnson explained how he could take control of someone else’s iPhone and gain access to banking and financial apps, among other things, within seconds.
It is reported that he stole hundreds of iPhones and hundreds of thousands of dollars. The arrest warrant said he stole $300,000, but Johnson said the true total was between $1 million and $2 million.
According to reports, Johnson initially stole iPhones, cleaned them and resold them. But he soon realized that stealing an iPhone and gaining control of it would “make money faster.”
Johnson would hang out in Minnesota bars and watch iPhone users enter their six-digit passcodes.In addition to watching carefully and seizing the opportunity for iPhone users to enter their passwords, he also has a method of getting young college students to reveal their passwords, since many of them are often drunk.
According to the arrest warrant, once Johnson had his phone and password, he went into Settings, then iCloud, and clicked Reset Password. After entering the stolen password, he would change it to his own number. He then turned off Find My iPhone, completely locking out the device’s legitimate owner.
It is not difficult to see from this that all iPhone users should protect their passwords. With your password, someone else can change your Apple ID and access your account. It is reported that Johnson can lock other people’s iPhones and change passwords and Apple IDs in just 5 to 10 seconds. With the passcode in hand, Johnson could change Face ID so that his own face could unlock the device and access banking, securities and other financial apps.
Johnson pointed out in the interview that once your face is recognized by Face ID, “you have a master key.”He admitted that he opened a number of applications to access the victim’s savings account, checking account, cryptocurrency and PayPal, among others. If he can’t unlock the phone with his face, he also opens Notes on his phone. He found this to be a treasure trove of information, where he could often find passwords and other information.
Johnson would steal the owner’s bank account and go on shopping sprees using the victim’s unused credit. Then, after wiping the iPhone owner’s information, he performs a factory reset and sells the phone.
According to reports, at the rate of stealing 5 to 10 iPhones every night, he could steal 30 iPhones a week.Just selling stolen mobile phones can make $20,000 (approximately 143,000 yuan) a week. Ironically, Johnson also said Apple should do more to protect its users.
In fact, Apple is doing just that.
In iOS 17.3, Apple will add a “Stolen Device Protection” feature, which is turned off by default. When the iPhone leaves the user’s home or workplace, certain actions, such as changing the Apple ID password, changing Face ID, or disabling Find My iPhone, require Face ID or Touch ID verification.