When you carry a smartphone worth at least $1,000 around in your pocket, you will want to safeguard it. However, the personal data on the device may be more valuable to thieves than the device itself.
A recent Wall Street Journal report revealed a new method thieves are using to get into your iPhone and steal your information: your passcode. According to the report, thieves are beginning to watch iPhone users as they enter their numeric or alphanumeric passcodes in order to memorize the combination. They then steal the phones, log in, and change the Apple ID passwords by entering the passcode, which locks the users out of iCloud.
This gives the thieves enough time to prevent you from accessing important data and from using Find My iPhone to track your phone. After gaining access to your accounts, they can reset recovery codes to block any attempt to reset the changed passwords. In addition, they could use the passcode to access your financial apps and accounts and commit fraud.
A spokesperson for Apple told the newspaper that security researchers would agree that iPhones are the “most secure consumer mobile device.” The spokesperson also said that Apple is always working on updates to help thwart any “new and emerging threats” in order to protect customers. Apple stated that while it still takes these incidents seriously, it does not believe the specific strategy mentioned in the Wall Street Journal report to be common.
“We sympathize with users who have had this experience and we take all attacks on our users very seriously, no matter how rare,” the spokesperson said. “We will continue to advance the protections to help keep user accounts secure.”
CBS News contacted Apple for additional information regarding the potential danger, but Apple did not immediately respond.
Three ways to protect yourself from hackers
iPhone users should still be careful when using their devices in public. In recent years, Apple has released a number of security updates and data protections, but you can still protect your phone and data in other ways. Here are some general guidelines.
- Protect your passcode. One of the most obvious ways to keep a potential thief from getting access to your smartphone is to cover the screen when entering your passcode, or to not tap it in at all.
Vitaly Shmatikov, a computer science professor at Cornell University and Cornell Tech, says smartphone users should use Touch ID or Face ID as much as possible when out in public.
If you must use a passcode, ensure that it is complex.
“Treat your phone’s passcode as you would a bank card PIN: Make sure it’s long and hard to guess,” Shmatikov said.
- Avoid storing passwords on your mobile, desktop, or tablet devices. You might be tempted to do so, but you should try to avoid it, because it can make you susceptible to hacking.
“Don’t store passwords to sensitive websites and apps on the phone,” Shmatikov reiterates.
Think about using a password manager, which is a safe piece of software that can create and store sensitive passwords. A survey conducted by Consumer Reports in 2022 found that 39% of consumers use a password manager for their online accounts, a slight increase from 2019.
According to the survey, “Since 2019, a large number of individuals have adapted the use of multi-factor authentication versus a stagnant change in individuals who use a password manager or virtual private network,” and 77% of customers used two-factor authentication in 2022.
- Install two-factor authentication. Two-factor authentication is a useful tool that requires users to enter a backup security code that is sent to a trusted device or email before they can access a website.
According to Shmatikov, “Two-factor authentication for Apple ID is a must, and the second factor should be a separate trusted device (like an iPad, a Mac, or an Apple Watch).”
SMS text messages should not be used for two-factor authentication, according to many experts, especially if you are worried that your phone will be stolen.
A growing threat is SIM swapping, in which a criminal hacks into your SIM card and gains access to your phone. The scam’s workings were recently explained by the FBI’s Phoenix Field Office.
In a news release, the agency explained, “They then socially engineer a customer service representative to port the victim’s phone number to a SIM card and phone in their control.”
A backup text won’t protect your accounts if someone has access to your phone, and a criminal can easily change your backup keys and passwords.
“For sites and apps that require two-factor authentication — for example, banking sites — don’t use SMS/text as the second factor. Instead, use an authenticator app (like Google Authenticator, Microsoft Authenticator, Duo, Okta Verify, etc.) and turn on biometric protection — require Face ID or Touch ID — in the authenticator app,” Shmatikov advised. “Then a thief who steals your phone won’t be able to get authentication codes and log into financial sites as you.”