Apple responds to pressing iPhone security issue


Thieves can relieve you of access to your entire Apple ID just by watching you type in your passcode while you're enjoying a vodka martini on a night out. Thieves who gain access to your iPhone are then able to lock you out, as the phone doesn't ask for any confirmation beyond the passcode when an Apple ID password is changed from the iPhone. That means they can change your password and permanently lock you out of your account.

A report from The Wall Street Journal shows some of the hoops a user then has to jump through to regain access to their account and all the data within.

Stealing phones and Apple IDs

A man called Greg Fresca talked to The Wall Street Journal about his experience, and how he now has to head to Apple's Cupertino headquarters or pay $10,000 to prove his identity and get his account back.

To make sure that Fresca couldn't use his account, the thieves unlocked his phone with the passcode they watched him enter, changed his Apple ID password, and then, crucially, enabled the "recovery key" security setting. That locks the Apple ID in question, costing Fresca access to years of personal data.

The recovery key, first introduced by Apple to combat online hackers, generates a 28-digit number that can be used to unlock an Apple ID. Alas, with access to the iPhone, even if the recovery key is already enabled, thieves can easily generate a new one and lock you out of your account.

Apple responded to The Wall Street Journal, saying "We work tirelessly every day to protect our users' accounts and data, and are always investigating additional protections against emerging threats like this one." There doesn't seem to be much it can do.

This all highlights just how important it is to keep your iPhone safe, especially when you're out and about for the evening. A stolen iPhone could mean more than just a phone call to the insurance company to get a new one. It could be a trip to California or a $10,000 check.

Tammy Rogers
Senior Staff Writer


  • Lee_Bo
    That article is really vague. How exactly did the “hacker” gain access to the subject’s iPhone?
  • FFR
    Lee_Bo said:
    That article is really vague. How exactly did the “hacker” gain access to the subject’s iPhone?

    They watch you enter your passcode.
  • Lee_Bo
    FFR said:
    They watch you enter your passcode.

    Yes, that was the obvious part.

    What I meant was, how did the hacker get the iPhone? Steal it? Grab it when the subject went to the bathroom and left the iPhone on the bar? How did the hacker physically get/access the iPhone?

    And if I were a manufacturer, I’d probably put a plug here for a privacy screen protector.
  • FFR
    Lee_Bo said:
    Yes, that was the obvious part.

    What I meant was, how did the hacker get the iPhone? Steal it? Grab it when the subject went to the bathroom and left the iPhone on the bar? How did the hacker physically get/access the iPhone?

    And if I were a manufacturer, I’d probably put a plug here for a privacy screen protector.

    Indeed, steal it, grab it and run, wait till someone is drunk, pickpocket, etc.
  • EdwinG
    Lee_Bo said:
    What I meant was, how did the hacker get the iPhone? Steal it? Grab it when the subject went to the bathroom and left the iPhone on the bar? How did the hacker physically get/access the iPhone?
    All of those ;)
  • Speedygi
    Lol such a primitive way of hacking into someone’s phone these days. I figured they might have done more sophisticated ways like remote hacking.