iPhone thefts powering banking scams: A simple hack using SIM card and Apple ID grants quick access to secure accounts, claims Brazilian criminal

Apple iPhone Bank Scams
Are secured iPhones opening doors to bank frauds? Pic credit: Matthew Pearce/Flickr/CC BY 2.0

An Apple iPhone is one of the most secure devices, and that’s what drives its popularity. However, criminals are apparently easily breaking into stolen iPhones to access bank accounts.

A sudden increase in iPhone thefts in Brazil had the law enforcement looking for equivalent growth in the reseller market. However, criminals stealing Apple iPhones are after a lot more valuable item: data stored on the device.

Why are criminals stealing a secure Apple iPhone?

Police in São Paulo, Brazil, arrested one of the gangs that specialize in smartphone theft. Following a brief interrogation, the criminals offered some startling details about how they crack the security of Apple devices. One of them even boasted that he can “unlock all iPhones, from 5 to 11.”

As expected, law enforcement feared the thieves had discovered some Zero-0 (0Day) security flaw or received Cellebrite’s tools to unlock the stolen iPhones. But as it turns out, criminals need only a single tool to access all the device’s data.

An iPhone’s SIM card is apparently the most valuable asset the criminals need. Time, however, is of the essence, as the victim could easily alert the telecom service provider and block the SIM.

Once the criminals steal an iPhone, they take the SIM card out and put it into another iPhone. Obtaining an Email address through social media profiles is quite easy. In the majority of cases, this email address is the same as the one the victim used for the Apple ID.

After obtaining the information, the criminals merely reset the Apple ID password using the victim’s phone number. All the information is now easily accessible, they claim.

Criminals quickly rummage through the Apple Inc.’s Notes app since many users foolishly store bank and credit card passwords there. Moreover, with access to the iCloud account, they can easily get all the passwords from the iCloud Keychain as well.

How to protect against data theft and banking account drain from a stolen iPhone?

Apple Inc. is aware of the security risks associated with stolen iPhones. Moreover, the company has deployed several failsafe methods and authenticated recovery techniques.

Still, the company has assured it would make it easier for users to delete all data from a stolen iPhone. Incidentally, starting with iOS 15 users will finally be able to track a powered-off iPhone using the Find My app.

Several security experts warn never to store passwords in the Notes app. There are several secure apps that demand a unique password. Secondly, iPhone buyers can insist on using an eSIM, which is essentially a pre-programmed software instead of a physical SIM card.

Even if iPhone users use a physical SIM, they must secure the same with a PIN. Any SIM card has its own setting menu which offers to set a PIN. On an iPhone, tap Settings > Cellular > SIM PIN > ON, and then follow the procedure the change the same from default 1111 or 1234.

Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x