All Posts by Date or last 15, 30, 90 or 180 days.
also by Lloyd: photography and

Links on this site earn me fees or commissions.
As an Amazon Associate I earn from qualifying purchases @AMAZON

Consult with Lloyd: cameras, computers, backup, etc...
Lloyd’s Patreon
Designed for the most demanding needs of photographers and videographers.
Connect and charge all of your devices through a single Thunderbolt or USB-C port.

WSJ: A Basic iPhone Feature Helps Criminals Steal Your Entire Digital Life

re: cyber social engineering.

It’s not just about having your phone stolen; a phone can be replaced.

It’s about your bank account(s) being drained and your entire digital presence stolen/destroyed.

Worse, Apple’s recovery key feature can deprive you of access to iCould permanently—you lose everything on iCloud, forever.

Local backups (at home and/or office) not connected to a computer are critical. I keep trying to explain this to my kids and they just don’t get it—I hope my readers do.

See also: Apple iOS: Major Security Hazard if Passcode Compromised?

WSJ: A Basic iPhone Feature Helps Criminals Steal Your Entire Digital Life


Security hazard on iOS: auto-filll passwords

The passcode that unlocks your phone can give thieves access to your money and data; ‘it’s like a treasure box’

NEW YORK—In the early hours of Thanksgiving weekend, Reyhan Ayas was leaving a bar in Midtown Manhattan when a man she had just met snatched her iPhone 13 Pro Max.

Within a few minutes, the 31-year-old, a senior economist at a workforce intelligence startup, could no longer get into her Apple account and all the stuff attached to it, including photos, contacts and notes. Over the next 24 hours, she said, about $10,000 vanished from her bank account.

Similar stories are piling up in police stations around the country. Using a remarkably low-tech trick, thieves watch iPhone owners tap their passcodes, then steal their targets’ phones—and their digital lives.

[Read our guide with tips to protect your iPhone data from thieves.]

Security hazard on iOS: cash, cards

The thieves are exploiting a simple vulnerability in the software design of over one billion iPhones active globally. It centers on the passcode, the short string of numbers that grants access to a device; and passwords, generally longer alphanumeric combinations that serve as the logins for different accounts. 

With only the iPhone and its passcode, an interloper can within seconds change the password associated with the iPhone owner’s Apple ID. This would lock the victim out of their account, which includes anything stored in iCloud. The thief can also often loot the phone’s financial apps since the passcode can unlock access to all the device’s stored passwords.

MPG: a simple passcode that unlocks everything and allows changing everything irreversibly is unbelievably bad security.

I give Apple an 'F' on real-world security because Apple fails to address the physical risks involved, relying entirely on the (false) premise that passcode security is all you need.

See Apple iOS: Major Security Flaw is Just Unbelievable, Apple Ought to Have Full Civil Liability.

WSJ: How to Protect Your iPhone Data From Thieves


What You Should Do

  • Cover your screen in public...
  • Strengthen your passcode...
  • Enable additional protection for other apps...
  • Use a third-party password manager.... [MPG: better than using built-in features, but still a severe risk due to the thread of violence]
  • Delete scans of sensitive information...
  • If your iPhone is stolen, act quickly... [MPG: good luck! thieves know this too]

What Apple could do

  • Let people add extra Apple ID password protection...
  • Password-protect the iCloud Keychain...
  • Protect account recovery from hijackers...

“The most important thing is awareness,” says Sgt. Robert Illetschko, the lead investigator on such iPhone theft cases in Minneapolis. “People forget that what they’re holding in their hand is their entire life.” He adds, “If someone has access to it, they can do a lot of damage.”

MPG: losing your phone should not mean losing your digital life, and Apple is remiss in making it so easy for thieves to exploit you.

Recommendation: whenever feasible, use 2-Factor Authentication such as a separate hardware key for all financial/sensitive accounts. It’s a small device that fits onto a keychain with a code that changes every 30 seconds or so.

View all handpicked deals...

Apple 16.2" MacBook Pro with M1 Max Chip (Late 2021, Space Gray)
$3499 $2399
SAVE $1100 | Terms of Use | PRIVACY POLICY
Contact | About Lloyd Chambers | Consulting | Photo Tours
Mailing Lists | RSS Feeds | Twitter
Copyright © 2020 diglloyd Inc, all rights reserved.
Display info: __RETINA_INFO_STATUS__