The secrets of an iPhone thief: he made two million dollars by stealing phones and getting all the passwords
The vulnerability of mobile phones and devices in general due to cybercriminals is an all too real fact today.and in the case of iPhone users, the tactics of people like Aaron Johnson have proven to be a tangible threat.
He Wall Street Journal conducted an interview with Johnson, from jail—who shared his methods for getting hold of iPhones, unlocking them, and accessing sensitive information, from banking details to app passwords.
This thief not only steals devices, but also exploits vulnerabilities. On a good weekend he could get around $20,000 from the sale of stolen cell phones, but the profit multiplied when he extracted that money from users’ banking apps.
“I am already serving a sentence. I just feel like I should try to be on the other end of things and try to help people,” she tells The Wall Street Journal.
Aaron Johnson’s modus operandi: He stole iPhones at a rate of five to ten a night, and stole 30 iPhones over a weekend
In his early days, Johnson’s focus was on stealing iPhones for later sale. However, he soon discovered that he could make greater profits by taking full control of the device without the owner realizing. His strategy included watching iPhone users in bars as they entered six-digit passwords.
He also resorted to tactics that go further, such as trick drunk college students into getting their passwords. Once in possession of the mobile phone and the password, their full access to the device triggered an unscrupulous process of resetting passwords and deactivating essential functions.
“I would tell them, ‘Hey, your phone is locked, what’s the passcode?’ They would tell me the number, and then I would just remember it,” Johnson says.
As mentioned before, Johnson wasn’t just content with stealing iPhones, he moved on to unlocking apps and accessing bank accounts, cryptocurrencies, and financial services..
In the interview it was revealed that by succeeding in face unlocking, he obtained “the key to everything”, manipulating Face ID to open applications and reveal passwords. Even when face unlock failed, he would scan the Notes app for key data that many pointed to there. Within hours, the victims’ bank accounts were empty.
Cases like Johnson’s prompt a countermeasure from apple
Faced with episodes like Johnson’s, Apple has announced a new feature, Stolen Device Protection, which will be available with iOS 17.3.
This novelty, although disabled by default, can give you an additional layer of security. Require Face ID or Touch ID verification for certain very important actions, such as changing passwords or disabling security features. Although it may not be a 100% solution, it is certainly an extra step towards user protection.
Of course, In addition to activating this feature when available, it is recommended to use strong passwords that combine letters and numbers. It is essential to avoid exposing your password in public environments and be aware of possible deception attempts. Keeping sensitive data out of applications like Notes is also something you should keep in mind because you’ve already seen where they like to look.
