You might recall that back in June, it was reported that iPhone thieves in Brazil found a more lucrative reason to stealing iPhones. They weren’t stealing iPhones just to resell them, but rather they were stealing iPhones and using it to get into the bank accounts of their victims, potentially netting them more money than reselling a stolen phone.
However, there was the question of how they were doing it? According to a report from Folha de S. Paulo, we might have found out how. This is according to the police who arrested one of the gangs involved and apparently they have shared how they go about breaking into the bank accounts of their victims, even claiming that this technique works across the iPhone 5 up to the iPhone 11.
So basically how it works is that they take the SIM card out of the iPhone and put it into another phone. They then scour social media for the email address of the person whose phone they stole, and since usually it ends up being the same email address used for Apple ID, they then reset the Apple ID password via a phone number.
With the newly created password, the thieves can then access iCloud Keychain to find out the passwords the user has stored on their devices, or in some cases, some users even store passwords in the Notes app. It’s actually a surprisingly straightforward process that uses systems that are already in place, as opposed to other hacking techniques that would require additional hardware.
That being said, following the previous report, Apple stated that they will be making it easier for users to erase a stolen iPhone, although they did not detail how.