How iPhone Recovery Keys Help Thieves Lock Users Out of Apple Accounts | WSJ Tech News Briefing

Подписаться 399 тыс.

Просмотров 159 тыс.

50% 1

Thieves in cities across the U.S. who steal iPhone passcodes along with the devices are also using another Apple security feature to lock victims out of their accounts. The victims say they have no way to regain access to years of photos and other personal data.
WSJ personal tech columnist Nicole Nguyen joins host Zoe Thomas to explain how this crime works and why it’s so devastating.
0:00 How iPhone passcodes are stolen to access banking info and use financial apps like Venmo and PayPal
2:03 What’s Apple’s recovery key?
4:22 A victim's experience with a thief changing his Apple recovery key
6:00 Apple’s remarks on the security issue
6:37 How others in the tech industry like Google deal with account recovery
7:46 Steps users can take to protect themselves
Tech News Briefing
WSJ’s tech podcast featuring breaking news, scoops and tips on tech innovations and policy debates, plus exclusive interviews with movers and shakers in the industry.
For more episodes of WSJ’s Tech News Briefing: link.chtbl.com/WSJTechNewsBri...
#iPhone #Security #WSJ

Опубликовано:

27 май 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 87

@AfricanTravellerChannel Год назад

Thanks for the heads up!

@taichi29 Год назад

If you're doing anything that deals with financial situations, always do it at home. Never do purchase transactions with your phone. Another thing stop putting your debit, or credit card information on your phones.

@omar2886 Год назад

this is a major security issue. it is said that Apple is fixing this on iOS 17

@tobybartlett Год назад

Hopefully iOS 17 development prioritizes fixing this!

@Qyuri Год назад

Can’t wait for Apple’s take on this in their next WWDC

@jurt00 Год назад

Great, so we have to wait six months for this to be fixed.

@Rdamas0 10 месяцев назад

would love to read on up where they said this. I've recently been the victim of this crime / scam and its infuriating to hear Apple tell you "sorry, there's nothing we can do". Any help would be appreciated....thanks.

@gerardopulido4804 6 месяцев назад

Literally same here. I got robbed they took my phone and have enabled this key. I can’t get access to my iCloud and apple hasn’t helped! Makes no sense.

@christophrose301 Год назад

Am I better of if not using a passcode - deactivating the passcode - and using (similar or individual) passowrds for entering most critical apps?

@Shoebutie Год назад

Do a video on how to use screen time to protect your phone

@Hooksh0t 11 месяцев назад

why is this an ad two months later?

@n8236 Год назад

If you’re still using a 4 or 6 digit passcode in place of biometrics, then shame on you.

@TitusAzzurro Год назад

Weird that nobody mentioned setting up Face ID.

@boxoffisa Год назад

Sometimes iPhone won’t lock with Face ID. They need to bring back Touch ID as well.

@TitusAzzurro Год назад

@@boxoffisa I'm using iPhone13 and the only time password is required is: - when it switches on, - when its connecting by cable to a laptop, - after pressing the lock button 3 consecutive times;

@boxoffisa Год назад

@@TitusAzzurro thanks for saying after pressing three times. Imagine you have pressed three time to check a notification or time. But then I use XS Max. And sometimes it just refuse to unlock.

@tubedude92 Год назад

enable a separate screen time passcode and also regularly perform manual backups on your computer

@Studentoftheiniverse Месяц назад

my iphone was stolen and few says later activated in another country... then it disappeared... (

@jonneye Год назад

The key allows the attacker to lock users out, change account settings, and potentially access sensitive personal information stored within the account.

@robertmusoke5709 2 месяца назад

I am a victim of this. Been trying to reach out to Apple for a month without success.

@amatvkhmer Год назад

iPhone is very heavy

@frostyisback101 11 месяцев назад

POV:Your here bc a misclick💀

@jpoconnor5744 Год назад

Don’t you just love the response from Apple? A complete non-answer that deflects the question. The reporters missed an opportunity for better reporting by not asking followup questions. The Apple security protocol is strong in defending against a hacker when the iPhone is in possession of the owner. Their protocol is useless when the iPhone has been stolen by someone who is able to first determine the device passcode. In the latter case, there are no further lines of defense in the vast majority of thefts, unless the screen time passcode and restrictive settings are made… in advance of the device being stolen. Even then, the screen time passcode is only the weak 4 digit number.

@melindadennis9553 11 месяцев назад

❤❤ pop p

@jaworq 10 месяцев назад

28-digit recovery key which can be easily changed or disabled by thiefs when they know our 6-digit phone unlock code. So it does not protect at all and can even make it harder for us to recover our account once they change it to some new code which we don't have.

@PM2024- Год назад

I don’t understand how adjusting the screen time limits will inhibit a thief who steals a phone 🤷🏻‍♂️ can someone explain that (in the simplest way possible) thanks 🙏🏼

@ajmorgan591 Год назад

A feature of Screen Time is the ability to prevent access to certain phone settings. For example, "Passcode Changes" and "Account Changes". By setting a Screen Time passcode (make it something different to your normal passcode) and disabling the ability to make changes to your account, a thief won't be able to lock you out of your account, unless they somehow know your Screen Time passcode too (unlikely). More information here: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-tCfb9Wizq9Q.html

@TitusAzzurro Год назад

Screen time = parental control The thief in that case would have the same privileges as a child

@peterstonesuk Год назад

It doesnt but people (including WSJ keep saying this terrible advice). Once the thief has the phone they just click forgot screentime passcode and can reset it.

@ajmorgan591 Год назад

@@peterstonesuk Resetting the Screen Time passcode requires your Apple Id and password, which a thief is highly unlikely to know, and if they did then this whole conversation is moot anyway given the point here is to prevent the hijacking of your Apple account.

@peterstonesuk Год назад

@@ajmorgan591 nope. You can reset with all the access the thief has to your phone.

@chuckstube2 Год назад

How did the thief get into the device? Shoulder surfing?

@jpoconnor5744 Год назад

Yes

@DavidGS66 Год назад

A hidden camera could also be set up in a bag & left alone beside you, or maybe staff share camera shots with your PIN.

@Dr.Jekyll_ Год назад

there's a very easy way to protect yourself from this. go to Settings then go to Screen time turn on if not already on. create a 4 digit screen time passcode then go to content & privacy restrictions at the bottom it says allow changes passcode changes, change to don't allow account changes, change to don't allow. now to make changes they require your 4 digit screen time passcode is not enough to have your lock screen passcode they need a second passcode to access your account and to change your passcode.

@superblondeDotOrg Год назад

or protect yourself by not playing with your phone at bars with drunk & unsavory people.. !

@shaikhameeda4948 Год назад

Nope, you can reset the screen time pin using the same iPhone pin. It’s useless to set this up

@trobinson14kc Год назад

Not only did the video cover this, they too were wrong.

@auro1986 Год назад

how? hackers earn some money from thieves to unlock iphone advertised by apple

@lilibyrd9319 11 месяцев назад

So, android user here. I was just toying with the idea of getting an ipad for mobile work when I ran into this scary mess. Why can't you just go to your computer or some other device you own use 2FA and disallow the device from accessing your profile? Are iphone IDs and Apple ID automatically linked?! if so wft that's crazy stupid. Also what happened to all the other verification like fingerprint ID or face id?what are they for if you can just bypass all of that with a simple code?

@2006Nissan 11 месяцев назад

Dont be scared honestly its only if someone takes your device or as long as you dont mess around with links and websites you will be fine if you ever do get an ipad

@superblondeDotOrg Год назад

So lets see: First, Go out to nightclub or bar, possibly lend your phone to someone else to take your picture for you; Second, have someone secretly video you unlocking your phone; Third, have someone steal your phone; Fourth, have those two people conspire in a crime for identity theft using the stolen phone's unlock password. NOT VERY LIKELY... Hint: Don't play with your smartphone to a nightclub or bar and especially don't leave it around unattended! Problem easily solved.

@trobinson14kc Год назад

You're not very imaginative. And probably soon a victim.

@ChunSwaeRrrr Год назад

Agreed but if you are a bit tipsy this can all be avoided by unlocking using Face ID and if it wants a passcode cause sometimes It does , go to the bathroom and be alone or with a friend at least … just avoid typing in your passcode as much as you can

@gumerzambrano Год назад

Just use face ID lol

@feetycool3884 Год назад

App pinning exists

@leonelferreira135 Год назад

This is so stupid!! Why Apple use the Device Passcode only and not the Device Passcode and Apple ID password together to someone be able of getting a new recovery key number?? 🤷🏻‍♂️ This simple close the cicle 🤦🏻‍♂️ if to change Apple ID password you need recovery key and to change recovery key you need Apple ID password, and even for this last you need the Device Code.. this simple make this system much more secure. Make sense???

@allenshegog Год назад

sounds like people need to be more vigilant not Apple Inc.

@bruceou4795 11 месяцев назад

What about security keys?

@SPFboy86 4 месяца назад

I believe those won't save you from this situation when the phone has been stolen and the passcode has also obtained. Until Apple ditches the passcode as the ultimate code, the best thing is to use a 3rd party password app as well as storing digital content in a 3rd party cloud provider.

@trobinson14kc Год назад

Using the built in password manager in IOS or Android is just stupid (although the android "alternate" methods are harder to defeat). Buy a fully independent password manager and wrench control of your financial life away from the phone makers.

@jamesjackson5546 Год назад

create a recovery key now to help prevent this. (Atleast I hope so. The hacker cant make a recovery key if I already have one).

@leonelferreira135 Год назад

Unfortunately he can. If he have your iPhone e just need to ask for a new recovery key and put your Device Code that he saw you put it before he stole him. This doesn’t make any sense. And also you could disable the option.. you just need to have the Device Code that you use to unlock the screen. Such a big hole in security system in case of stolen.

@leonelferreira135 Год назад

Also, they still can change the apple id password in the browser because they have you trust phone number that can be used to simply allow the password change 🤷🏻‍♂️🤦🏻‍♂️

@paull.5921 8 месяцев назад

@@leonelferreira135 - Agree, why not just change it such that once recovery key is set up, another cannot be created or the original changed -- without that original key? Seems like users motivated enough to do this would understand the importance of not losing it. Haven't heard anything about this in ios 17 ... ?

@andrei.01 Год назад

Apple needs to introduce double biometrics (face id + fingerprint). If any of them fails, you use the second one. Password security has been historically bad and needs replacement.

@vader2746 Год назад

Silah bulundurmak bir haktır ancak bunu ne derece de kullanılabilir bir guvenlik aracı olup olmadığı konusu bireyleri sorumluluk içine almadığı müddetçe bu olayların olması kaçınılmaz . Avrupa'da da mevcut silahlanma ancak oradaki bireyler silah kullanımı konusunda daha bilinçli ve akılcı yaklaşımda. Bu durum Amerika'da tamamen sokak jargonuna düştüğü için başedilebilirligi zor .

@alexthemtaandr211weatherfa2 Год назад

This is not about the second amendment

@MrBelmont79 Год назад

I don’t understand the issue. If my iPhone is lost or stolen, it takes me 15 minutes to contact the banks and freeze my accounts until the matter is resolved. 🤞🏻

@trobinson14kc Год назад

Really, without a phone?

@Hintonbro. Год назад

Bring back Touch ID - almost never used the password. Face ID just does not work well enough…

@PSy84 Год назад

Nope…it should be both. Touch ID and 3D Face ID…and no changes in accounts etc without Face ID and Touch ID…and all changes must take place after a week or 2 so it can be marked as lost.

@RoqueSantosJunior Год назад

You are late on this topic Zoe…

@0.o.0.o1 Год назад

I have Touch ID on my iPhone have fun hacking my fingerprint

@ariwilsun Год назад

This reporting is so misleading it’s not even funny.

@A1.CA1 Год назад

Me who is anti social 🗿

@ronwebb8498 11 месяцев назад

Ghd

@NYClocationScout Год назад

Apple has gotten progressively worse since the death of Steve Jobs

@xvx4848 Год назад

Why in the world would people hand over their phones so someone could take a picture? If you have any trust in those around you today you're clearly a fool.

@LP-jn4tw Год назад

Alcohol consumption makes people do things like this, and bars (and surrounding streets, etc.) are the common place for cell phone thievery.

@PM2024- Год назад

Fairly common

@naturistfred Год назад

That's very common among tourists. They ask random strangers to take their picture while vacationing.

@trobinson14kc Год назад

Targets are also being mugged after leaving the premises. Also works when someone is using face ID.

@teresasimpson4771 Год назад

Isaiah 41:10 “Fear thou not; for I am with thee: be not dismayed; for I am thy God: I will strengthen thee; yea, I will help thee; yea, I will uphold thee with the right hand of my righteousness.” King James Version (KJV)

@OneManOnFire Год назад

More proof Android is better.

@mathmanchris666 Год назад

Android has the same issue, so nice try though. You can keep telling yourself the same lies, but Android has the same issues, and Android is in fact less secure. Simple solution is to use biometric passcodes.

@ygt-cd3mg Год назад

This is a proof nothing but you don’t know tech and you think Wall Street journal do, 😂This isn’t an issue as the media sensationalized it, iOS has screen time can easily make changing accounts impossible even you have the iPhone passcode, it enables secondary passcode to modify iCloud accounts and user passcodes and can even stop you from disabling cellular data. They don’t know iPhone has it build in and they don’t use it, doesn’t mean Apple has security issue nor android is better.