This iPhone theft warning shows why Face ID is more important than ever before — criminals swiping 80 phones a day can make $63,000 in half an hour
Stay safe out there.
More than a year after a major report revealed a critical weakness in iPhone security, a new report has revealed that criminal gangs are still using the exploit to swipe phones from unsuspecting victims, before using their own passcode to steal from them.
Last year, Apple said it was working “tirelessly every day to protect our users’ accounts and data” and was “always investigating additional protections against emerging threats,” after it emerged that thieves were stealing iPhones and using their owner's passcodes to access the devices.
The practice, dubbed “shoulder-surfing”, now seems to have found its way to the UK, where criminal gangs are using the method to steal and access upwards of 80 phones a day.
Shoulder-surfing is still a huge iPhone issue
As reported by The Guardian, criminal gangs “shoulder-surf” unsuspecting smartphone users, observing their victims in the hope they’ll catch a glimpse of them entering their iPhone’s passcode. Once they’ve seen you dial in the magic numbers, they can snatch the phone and use that information to unlock your iPhone with ease. With a passcode in hand, even the best iPhone on the market is easy pickings, and thieves “then access the phone and try to break into any financial apps, or search the phone’s notes section for any numbers or passwords.”
The UK proliferation of this practice is a little different from the WSJ method reported last year. In the U.S., criminals would use the observed passcode to access a stolen phone before changing a person’s Apple ID password, locking the victim out of their iCloud account, and crucially, disabling features like Find My iPhone. The UK thefts described in this week's report sound a bit more smash-and-grab, with criminals simply accessing devices, looking for numbers and passwords saved in Notes, and breaking into financial apps to drain money. Not to mention, you can at least use Apple Pay if you know someone’s iPhone passcode.
The insight includes an interview with a gang leader who “runs small teams who shoulder-surf people to steal phones for financial gain.” The ringleader boasted a team of four or five people who can steal 18 to 20 phones per person, netting the group some 80 phones a day.” Phones are reportedly often stolen in pubs and clubs, or snatched by someone on a moped. “The boys know now what they’ve got to do – they’ve got to look at certain apps and see if they can change the passwords,” he confessed.
The operation is lucrative too, with the leader claiming the gang could steal up to $25,000 a day on average, and that he had seen $50-$63,000 drained from an account in just 30 minutes.
Master your iPhone in minutes
iMore offers spot-on advice and guidance from our team of experts, with decades of Apple device experience to lean on. Learn more with iMore!
This harrowing news highlights the importance of Apple’s biometric security features, Touch ID and Face ID. While there’s only so much anyone can do to prevent someone from taking their iPhone into a crowded bar, nightclub, or even a busy high street, being discreet about entering your passcode in public or avoiding it altogether, is certainly advice worth heeding. It also highlights the importance of Apple’s new “Hidden apps” feature in iOS 18, which lets users hide important or private apps on their iPhones behind an extra layer of security.
Stephen Warwick has written about Apple for five years at iMore and previously elsewhere. He covers all of iMore's latest breaking news regarding all of Apple's products and services, both hardware and software. Stephen has interviewed industry experts in a range of fields including finance, litigation, security, and more. He also specializes in curating and reviewing audio hardware and has experience beyond journalism in sound engineering, production, and design. Before becoming a writer Stephen studied Ancient History at University and also worked at Apple for more than two years. Stephen is also a host on the iMore show, a weekly podcast recorded live that discusses the latest in breaking Apple news, as well as featuring fun trivia about all things Apple. Follow him on Twitter @stephenwarwick9
-
Annie_M Times are getting scarier and scarier. I am a strong advocate of Face ID! I hope people take heed of the warnings.Reply -
EdwinG An additional security feature one should use is a password, instead of a PIN.Reply
With Face ID or Touch ID, there’s no reason to use a short 4, 6, or even 8 digit PIN.