Thieves have figured out a crafty way to break into locked iPhones after stealing them
Marco Di Lauro/Getty Images
Be careful: That email might be from who you think it is.
Enterprising thieves have now figured out a way to break into stolen iPhones after they've been locked if the owner isn't careful.
It requires duping the target, so it's possible to detect and block - but you need to know what you're doing.
We heard about the trick from Joonas Kiminki, who wrote a blog post about it over on Hackernoon after experiencing it first-hand. Here's how it works:
- iPhones come equipped with the ability to be locked after they're lost, via the Find My Phone website. This stops anyone from getting in without the correct password, rendering the device effectively useless.
- But criminals have found a way to game this - by spoofing an email or SMS from Apple telling you your phone has been found.
- To do this, they need your contact details. But they can often get these from your Medical ID info page. Or you might have them saved in the message you can display on the phone when it's locked, to try and get whoever finds it to contact you.
- This spoof message will tell the target that their device has been found, and directs them to a website that pretends to be iCloud where they can supposedly get more info about where the phone is exactly.
- The victim then enters their iCloud account email and password, but it doesn't work, saying the password is wrong. Meanwhile, the login details they typed are secretly transferred to the thief.
- With these they can then unlock your device, and either steal your data or wipe it completely and start fresh.
It's clever - but if you're alert about it, you don't need to get stung.
Double-check the email address of any message asking you for your login details - Kiminki's came from "icloud.insideappleusa@gmail.com," which obviously isn't an official Apple account. Likewise, make sure that the URL of any "official"-looking websites match up to the real deal. It should also have a green padlock beside it which means the connection is encrypted and verifies the company's identity.
Next Story
Colon cancer rates are rising in young people. If you have two symptoms you should get a colonoscopy, a GI oncologist says.
I spent $2,000 for 7 nights in a 179-square-foot room on one of the world's largest cruise ships. Take a look inside my cabin.
An Ambani disruption in OTT: At just ₹1 per day, you can now enjoy ad-free content on JioCinema
Sustainable Waste Disposal
RBI announces auction sale of Govt. securities of ₹32,000 crore
Catan adds climate change to the latest edition of the world-famous board game
Tired of blatant misinformation in the media? This video game can help you and your family fight fake news!
Tired of blatant misinformation in the media? This video game can help you and your family fight fake news!
