The recent series of iPhone thefts in Brazil has once again issued a warning to users who store passwords in non-secure areas on their devices. In June, there were reports of multiple thefts dating back to 2020. However, the thieves did not directly dispose of the hardware but tried to access the victim’s bank account through unauthorized means. Obviously, this kind of high-tech crime is obviously more profitable than low-level means of looting.
Apple Insider pointed out that the police arrested a group of gang members specializing in such high-tech crimes in Sao Paulo. As for how the locked iPhone was compromised and how the bank account was accessed, it is still unclear for more details.
However, the facts are not as expensive and complicated as government data collection/law enforcement forensics tools, because the team makes full use of the weaknesses of collecting SIM cards. Police Chief Fabiano Barbeiro said:
The criminals ejected the SIM card in the victim’s iPhone with a card removal needle, placed it in another unlocked device, and then searched for related accounts on social networks such as Facebook/Instagram.
Once successful, the criminal will know the associated email address. A suspect stated that the address is usually also associated with the user’s Apple ID.
Then reset the Apple ID password on the unlocked iPhone through the Email account and mobile number, download the system backup information from iCloud, and search for the’password’ keyword from it. (High probability with the help of Spotlight function)
The suspect stated that in many cases, the victims stored passwords, account numbers, and other important information in plain text. With the help of the above information, they can put the SIM card back into the victim’s iPhone and hand it over to another group of people to hack the victim’s bank account and transfer the funds into the account.
Earlier this year, 9to5Mac also reported that the gang had been arrested. However, for security reasons, iPhone users still need to be vigilant about the account and secret information stored in plain text.
Even if Apple does provide certain security features that can mitigate the damage of attacks, such as two-factor authentication and remote data erasure after device loss, the company’s commitment to making the latter “more accessible” can only be Play a role before being caught by criminals.
So in addition to setting a strong password on the device, you’d better also use a reliable password manager (such as the Keychain function provided by Apple) to specify different passwords for different accounts and network services.
Brian is the news author at Research Snipers which mainly covers Technology News, Microsoft News, Google News, Facebook, Apple, Huawei, Xiaomi, and other tech news.