How to Protect Yourself from iPhone Thieves Locking You Out of Your Device

A concerning new trend has emerged where thieves are exploiting an iPhone security feature called the recovery key to lock victims out of their devices and drain their bank accounts. This method, although complex, has been growing in frequency, according to a recent report by The Wall Street Journal. The attack involves stealing an iPhone and manipulating the device’s security settings to make it nearly impossible for the owner to regain access to their data.

The process begins with a criminal observing the victim’s passcode or tricking them into revealing it. This can happen in public places, such as bars or events, where the thief might catch a glimpse of the passcode. Once they have access to the device, the thief can change the Apple ID, disable “Find My iPhone” to prevent tracking, and reset the recovery key—a 28-digit code designed to prevent unauthorized access. If the thief changes the recovery key, the rightful owner will be locked out of their account.

Apple has acknowledged the issue, noting that while this type of attack is rare, it is taken very seriously. The company also emphasizes that users are responsible for maintaining access to their recovery key and trusted devices. If both are lost, users could be permanently locked out of their accounts.

Jeff Pollard, a security expert at Forrester Research, has called on Apple to provide better customer support options to help users recover from such incidents. Until such support is available, here are a few steps iPhone owners can take to safeguard their devices:

1. Protect Your Passcode:
   The first line of defense is ensuring that your passcode is secure. Apple recommends using Face ID or Touch ID, particularly in public spaces, to avoid revealing your passcode. Users can also set up a longer, alphanumeric passcode, which is more difficult for thieves to guess. If you believe someone has seen your passcode, change it immediately.
2. Use Screen Time Settings:
   A clever workaround involves setting up a secondary password within the iPhone’s Screen Time settings. This password is required before changes can be made to an Apple ID, preventing a thief from altering your Apple ID without it. Although not officially endorsed by Apple, this measure can add an extra layer of protection.
3. Back Up Regularly:
   Frequent backups, whether through iCloud or iTunes, can protect your data in case your phone is stolen. In addition, consider storing important files and photos on other cloud services like Google Photos, Microsoft OneDrive, or Dropbox. While this won’t prevent thieves from accessing the device, it can minimize the loss of personal data.

By taking these steps, iPhone users can reduce the risk of being locked out of their devices and mitigate the damage if their phone is stolen.