[ad_1]
The police in São Paulo have released details of a scam by gang members who steal iPhones and other smartphones in order to then clear the victims’ accounts. Instead of performing a complex technical unlocking of the stolen smartphones, relatively simple methods are apparently used, as reported by the Brazilian media.
One of the tricks is simply to insert the SIM card of the stolen iPhone into another iPhone and then search for the accounts linked to the phone number – for example on Facebook and Instagram.
SIM card is the crux of the matter
With the e-mail addresses found in the process, an attempt is made to reset the Apple ID, explained 9to5Mac. Once the thief has found the correct Apple ID, he can reset the password: If the stolen phone number has been stored for Apple’s two-factor authentication, which is usually the case, the code required to reset the password can be simply sent via SMS or request a call to Apple. Since the criminal has the SIM card, he receives the confirmation code.
This backdoor is apparently deliberately Apple’s two-factor authentication to allow users who only have a single Apple device to reset their password – this could eventually get lost. Such attacks are only possible if no additional SIM PIN is used or it has been deactivated by the user. The use of an eSIM or the deposit of a different telephone number for Apple’s two-factor system cancels out such a scam.
Simple search for bank accounts
Then the criminals probably try to scour common cloud services and load the iPhone backup from iCloud – as well as search the data for passwords. Often the banking access data would also be easy to find, how Folha de São Paulo with reference to the Brazilian police writes, apparently some users sometimes save this unencrypted as a note. It remains unclear to what extent Brazilian banks rely on additional biometric authentication or a second factor when logging in in their apps – if such protection mechanisms are lacking, the access data is of course sufficient.
One of the arrested gang members told the police that these techniques were “taught” in the São Paulo region, the newspaper writes. But there are also groups that rely on unlocking tools to crack and search for stolen smartphones. The criminals prefer when the phones are unlocked – they are torn out of the victim’s hand during use and then kept active, for example by activating the camera app. So far, Apple has only vaguely announced to the Brazilian media that it will simplify the remote wiping of iPhones. With iOS 15, iPhones should also be able to locate them even if they have been offline, switched off or deleted.
(lbe)
.
[ad_2]
