Cracking Apple iPhone passwords the Brazilian way

From 9to5Mac’s “Brazilian criminals detail how they gain access to bank accounts from stolen iPhones” posted Wednesday:

The Brazilian newspaper Folha de S. Paulo reported last month how criminals had been stealing iPhones in Brazil to access people’s bank accounts instead of reselling the devices. Now, the police seem to have finally figured out how they gain access to bank accounts, and to our surprise, the process seems easier than you might think…

Basically, thieves take the SIM card out of the stolen iPhone and then put it into another iPhone. Using social networks like Facebook and Instagram, they can easily find out the email address used by the person who had the phone stolen. In most cases, this email address is the same as the one used for the Apple ID. All they need to do is reset the Apple ID password using the victim’s phone number.

Barbeiro says that the easiest way criminals have to find passwords is by looking in the Notes app since many users seem to store bank and credit card passwords there. However, with access to the iCloud account, they can easily get all the passwords from the iCloud Keychain as well.

When they download data from the cloud to the new device, they search for information linked to the word “password” and, according to them, they usually get what they need to access the victim’s bank accounts. Once they have this information, they return the SIM card to the victim’s phone and give the device to the gang member responsible for accessing the bank accounts.

My take: Don’t store your bank passwords in Notes.

5 Comments

  1. Gregg Thurman said:
    Title should read “cracking human behavior”.

    1
    July 9, 2021
  2. Jerry Doyle said:
    “…. Following the previous report, Apple has promised the Brazilian newspaper that it will make it easier for users to delete all data from a stolen iPhone.”

    It is about time iPhone users have the ability to track a powered-off iPhone using the “Find my app.” This article is disturbing. When one considers the degree of financial information the typical iPhone user has on his/her iPhone from checking, savings, bond certificate numbers, brokerage accounts, insurance, investments, listing of assets, safety deposit boxes, deed certificates, and now our wallets with its financial and related financial information (and even health data) our lives are literally “stripped,” if our phones fall into the wrong hands.

    0
    July 9, 2021
  3. Joe Murphy said:
    Jerry, although you may disagree, I think when people, iPhone users included, carry the sensitive information you noted, they’re disregarding that device possession is a known security risk. This isn’t new.

    1
    July 9, 2021
    • Jerry Doyle said:
      @Joe Murphy: “Thumbs-up.” No, I don’t disagree brother Joe. Your point is well received.

      The security risk of the device is well known & I fear most folk are like me. Even Tim Cook has stated that our entire personal lives are on the device, or something to that effect. It’s sort of what brother Gregg T denoted above: “cracking human behavior,” except in this case it has to do with what folk put on their devices–their personal lives.

      I suspect it’s a behavioral trait of too many iPhone users who store significant amounts of their personal lives on their devices. They’re gonna do it. So Apple needs to facilitate & expedite the means for users to delete all personal information from their devices, if the need arise to do so.

      0
      July 9, 2021
      • Gregg Thurman said:
        When reported stolen, delete everything except Find My.

        1
        July 9, 2021
