The Wall Street Journal published an article in February revealing a new type of theft activity targeting iPhone users; the media outlet released another report today, further revealing how thieves are using Apple’s recovery key option to permanently lock iPhone users’ Apple ID accounts.
This new type of theft is mainly carried out in the following ways:
Thieves watch iPhone users in public places, such as bars, and note the passcode they enter.
The thief then steals that user's iPhone.
The previously observed passcode is used to unlock the iPhone and access its contents, including financial apps.
In the Settings app, the thief resets the victim's Apple ID password.
The thief then turns off the "Find My" feature on the device so the owner cannot track its location or remotely wipe it via iCloud.
The report released today describes an additional step thieves can take: setting or resetting the recovery key (a randomly generated 28-character code) on the stolen device. Once a thief has done this, the legitimate user is permanently unable to get their own iPhone back.
Apple’s official description of a recovery key is as follows:
A recovery key is a string of 28 randomly generated characters that can be used to help reset your passcode or regain access to your Apple ID. While recovery keys are not required, using a recovery key gives you control over password resets, which can improve the security of your account.
Creating a recovery key turns off account recovery. The Account Recovery process typically serves to assist you in regaining access to your Apple ID account if you do not have enough information to reset your password. Learn more about how to use Account Recovery instead of a recovery key.
Apple’s response to this is as follows:
Apple is always looking at developing additional protections against such emerging threats.
Our hearts go out to anyone who has experienced this. No matter how rare the attack, we take threats against our users very seriously.
We are making improvements every day to protect our users' accounts and data, and are always working on additional protections against such emerging threats.