iPhone passcode thief reveals his secrets; this guy is your worst nightmare

iPhone passcode thief reveals his secrets; this guy is your worst nightmare،

If you own an iPhone, someone like Aaron Johnson is your worst nightmare. Interviewed in prison by Joanna Stern of the Wall Street Journal, Johnson explained how, in seconds, it could take control of your iPhone, locking you out and accessing your banking and finance apps, and much more. He stole hundreds of iPhones and hundreds of thousands of dollars. The arrest warrant says he stole $300,000, but Johnson says the actual total is between one and two million dollars.

Johnson's game originally involved stealing iPhones, erasing them, and then reselling them. He explains that without a job, homeless and responsible for the children, he had to find something to make money, and steal iPhones. But he soon realized there was more money involved in stealing an iPhone and taking control of the device without the phone's owner initially knowing what was happening.

Protect your iPhone password and don't give it away

Johnson would hang out in Minneapolis bars and watch iPhone users punch in their six-digit passcodes. In addition to carefully observing an iPhone user entering their passcode, he also had a system for young college-age students to spit out their passcode, as many of them were drunk. He would approach them and tell them he had drugs even though he didn't. He would offer to put his information in their phone and once in his hand, he would lock the device and either ask for the password or give it back to the owner to watch them unlock it.

Getting the password was one thing, but gaining possession of the phone required him to resort to “deception and violence,” according to his arrest warrant. And once he had your phone and password, you were in big trouble. He would go to Settings, then iCloud, and click Reset Password. After entering the stolen password, he replaced it with his own number. He then disabled Find My iPhone, which completely locked out the rightful owner of the device.

All iPhone users should protect their password. With the password, someone can change your Apple ID and access your account. Johnson got to the point where he could lock someone out of their iPhone and change the password and Apple ID in just five to 10 seconds. With the passcode, Johnson could change Face ID so that his own face unlocks the device and gives him access to passwords used in banking, securities and other financial applications.

As Johnson noted while speaking with Stern, once you have your face on Face ID, “you have the key to everything.” He admitted to opening apps to access the victims' savings accounts, checking accounts, cryptocurrency apps, Venmo, and PayPal. And if he couldn't unlock the phone with his face, he opened the Notes app which he considered a treasure trove of information. That's where he would find the passwords and social security numbers.

Before 5 a.m. the day after an iPhone burglary, Johnson allegedly emptied the owner's bank accounts. He also went shopping with the victim's unused credit lines. And then, after eliminating the iPhone owner, he would do a factory reset and sell the phone.

Apple will release Stolen Device Protection feature with iOS 17.3

Stealing iPhones at a rate of five to ten a night, he used 30 iPhones over the course of a weekend. The sale of the stolen devices alone would bring in $20,000 per week. Some of these funds were used to purchase iPad Pro tablets which Johnson sold to generate more cash. Ironically, Johnson says Apple should do more to protect its customers. And indeed, that is the case.

With iOS 17.3, Apple will add the Stolen Device Protection feature which will be disabled by default. Activate it by going to Settings > Face ID and passcode > Protecting Stolen Devices. To protect yourself from criminals like Johnson, you need to enable this feature. When an iPhone is away from the user's home or work, certain tasks such as changing an Apple ID password, changing Face ID, or turning off Find My iPhone would require Face ID verification or Touch ID.

For an hour, no changes would be made and Face ID or Touch ID verification would be required again. The one-hour delay is important because it gives victims an hour to discover that they don't have access to their phone and report it to Apple, hopefully in time.

In addition to leaving passwords and important personal data out of the Notes app, use a passcode that consists of both numbers and letters. Be careful how you expose your password and don't give it away.