() — A complex but worrying method of taking control of a user’s iPhone and permanently locking the device appears to be on the rise.
According to a recent report in the Wall Street Journal, some iPhone thieves take advantage of a security setting, called a recovery key, that makes it nearly impossible for owners to access their photos, messages, data, and more. some victims too they said to the publication that their bank accounts had been emptied after the thieves accessed their financial applications.
It is important to note, however, that this type of attack is difficult to carry out. It requires a criminal to watch an iPhone user enter the device’s password — for example, by looking over her shoulder at a bar or sporting event — or manipulate the device’s owner into sharing their password. And all of that before physically stealing the device.
From there, a thief could use the code to change the device’s Apple ID, turn off Find My iPhone so its location can’t be traced, and then reset the recovery key, a complex 28-digit code intended for to protect their owners from online hackers.
Apple requires this key to help restore or regain access to an Apple ID in an effort to strengthen user security, but if a thief changes it, the original owner will not have the new code and will be locked out of the account.
“We sympathize with the people who have had this experience and we take all attacks on our users, no matter how rare,” an Apple spokesperson said in a statement to . “We work tirelessly every day to protect our users’ accounts and data, and are always investigating additional protections against emerging threats like this.”
On its website, Apple warns that “you are responsible for maintaining access to your trusted devices and your recovery key. If you lose both items, you could be permanently locked out of your account.”
Jeff Pollard, vice president and principal analyst at Forrester Research, says the company should offer more customer support options and “ways to authenticate so Apple users can reset these settings.”
For now though, there are a handful of measures users can take to potentially protect themselves from this happening to them.
Protect the access code
The first step is to protect the access code.
An Apple spokesperson told that people can use Face ID or Touch ID when unlocking their phone in public to avoid giving away their passcode to anyone who might be watching.
Users can also set a longer alphanumeric code that is more difficult for criminals to crack. Device owners should also change the passcode immediately if they think someone has seen it.
Screen time settings
Another step someone might consider is a hack not necessarily endorsed by Apple, but one that has been making the rounds on the internet. Within an iPhone’s Screen Time settings, which allow guardians to set restrictions on how children can use the device, there is the option to set a secondary password that would be required of any user before they could successfully change a password. Apple ID.
Enabling this option will require a thief to enter the secondary password before changing an Apple ID password.
Back up your phone regularly
Lastly, users can protect themselves by making regular backups of their iPhone (via iCloud or iTunes) so they can recover data if it’s stolen. At the same time, users may want to consider storing important photos or other sensitive files and data on another cloud service, such as Google Photos, Microsoft OneDrive, Amazon Photos, or Dropbox.
This will not prevent a thief from accessing the device, but it will somewhat limit the consequences if it does occur.