Apple Responds to Report About Thieves Permanently Locking Out iPhone Users

by

The Wall Street Journal's Nicole Nguyen and Joanna Stern today published a report highlighting how thieves can use Apple's optional recovery key security option to permanently lock out iPhone users from their Apple ID account.

iphone passcode green
As the journalists first revealed in February, there have been increasing instances of thieves spying on an iPhone user's passcode in public and then stealing the device in order to gain widespread access to the device and its contents, including financial apps. All of the victims interviewed in the initial report said their iPhones were stolen while they were out socializing at bars and other public places at night.

With knowledge of the iPhone's passcode, a thief can easily reset the victim's Apple ID password in the Settings app, even if Face ID or Touch ID is enabled. Subsequently, the thief can turn off Find My iPhone on the device, preventing the owner of the device from tracking its location or remotely erasing the device via iCloud.

Today's report places more focus on an additional step that thieves can take: using the stolen device to set or reset a recovery key, a randomly generated 28-character code that is required to regain access to an Apple ID once enabled.


"Apple's policy gives users virtually no way back into their accounts without that recovery key," the report states. With unmitigated access to a stolen iPhone, the device's passcode, and the Apple ID password, thieves can steal money via Apple Pay and potentially other banking apps, view sensitive information like photos and emails, and more.

Apple's website does warn that losing access to both your trusted devices and recovery key means that "you could be locked out of your account permanently." In this scenario, however, thieves spying on iPhone passcodes before stealing the devices means that victims only need to lose their device in order to potentially be permanently locked out. The report serves as a valuable reminder to protect your iPhone's passcode in public.

For more details, read our previous coverage.

Apple Responds

In a statement shared in response to the report, Apple said it is "always investigating additional protections against emerging threats like this one."

"We sympathize with people who have had this experience and we take all attacks on our users very seriously, no matter how rare," an Apple spokesperson told The Wall Street Journal. "We work tirelessly every day to protect our users' accounts and data, and are always investigating additional protections against emerging threats like this one."

How to Stay Protected

iPhone users should use Face ID or Touch ID as much as possible when in public to prevent thieves from spying on their passcode. In situations where entering the passcode is necessary, users can hold their hands over their screen to hide passcode entry.

The report also recommends that users switch from a four-digit passcode to an alphanumeric passcode, which would be more difficult for thieves to spy on. This can be done in the Settings app under Face ID & Passcode → Change Passcode.

To protect a bank account, consider storing the password in a password manager that does not involve the device's passcode, such as 1Password.

Users can enable Screen Time parental controls to further lock down their device, the report adds.

Popular Stories

Generic iOS 19 Feature Mock Light

iOS 19 Leak Reveals All-New Design

Friday January 17, 2025 2:42 pm PST by
iOS 19 is still around six months away from being announced, but a new leak has allegedly revealed a completely redesigned Camera app. Based on footage it obtained, YouTube channel Front Page Tech shared a video showing what the new Camera app will apparently look like, with the key change being translucent menus for camera controls. Overall, the design of these menus looks similar to...
Read Full Article
2024 iPhone Boxes Feature

Apple Changes Trade-In Values for iPhones, iPads, Macs, and More

Thursday January 16, 2025 6:45 am PST by
Apple today adjusted estimated trade-in values for select iPhone, iPad, Mac, and Apple Watch models in the U.S., according to its website. Some values increased, while others decreased. The changes were not too significant, with most values rising or dropping by $5 to $50. We have outlined some examples below: Device New Value Old Value iPhone 15 Pro Max Up to $630 U ...
Read Full Article64 comments
2024 App Store Awards

Apple Explains Why It Removed TikTok From the App Store in the U.S.

Sunday January 19, 2025 6:58 am PST by
Apple on late Saturday removed TikTok from the App Store in the U.S., and it has now explained why it was required to take this action. Last year, the U.S. passed a law that required Chinese company ByteDance to divest its ownership of TikTok due to potential national security risks, or else the platform would be banned. That law went into effect today, and companies like Apple and Google...
Read Full Article237 comments
Generic iOS 18

Everything New in iOS 18.3 Beta 3

Thursday January 16, 2025 12:39 pm PST by
Apple provided the third beta of iOS 18.3 to developers today, and while the betas have so far been light on new features, the third beta makes some major changes to Notification Summaries and also tweaks a few other features. Notification Summary Changes Apple made multiple changes to Notification Summaries in response to complaints about inaccurate summaries of news headlines. For...
Read Full Article28 comments
iOS 19 Roundup Feature

iOS 19 Rumored to Be Compatible With These iPhones

Saturday January 18, 2025 10:28 am PST by
iOS 19 will not drop support for any iPhone models, according to French website iPhoneSoft.fr. The report cited a source who said iOS 19 will be compatible with any iPhone that can run iOS 18, which would mean the following models: iPhone 16 iPhone 16 Plus iPhone 16 Pro iPhone 16 Pro Max iPhone 15 iPhone 15 Plus iPhone 15 Pro iPhone 15 Pro Max iPhone 14 iPhon...
Read Full Article
iPad Pro vs iPhone 17 Air Feature

Here's How Thin the iPhone 17 Air Might Be

Friday January 17, 2025 3:38 pm PST by
For the last several months, we've been hearing rumors about a redesigned version of the iPhone 17 that Apple might call the iPhone 17 "Air," or something along those lines. It's going to replace the iPhone 17 Plus as Apple's fourth iPhone option, and it will be offered alongside the iPhone 17, iPhone 17 Pro, and iPhone 17 Pro Max. We know the iPhone 17 Air is going to be super slim, but...
Read Full Article220 comments
mail categories macos

Apple's Redesigned Mail App is Expanding to the Mac — Here's When

Sunday January 19, 2025 6:02 am PST by
Apple plans to expand the iPhone's redesigned Mail app to the Mac starting with macOS 15.4, according to Bloomberg's Mark Gurman. The first macOS 15.4 beta should be made available in the coming weeks, and Apple has previously suggested that the iOS 18.4, iPadOS 18.4, and macOS 15.4 series of software updates will be released to the public in April. The revamped Mail app debuted on all...
Read Full Article89 comments
apple power beats pro 2

Powerbeats Pro 2 Coming Soon: Apple to Announce Them 'Imminently'

Sunday January 19, 2025 8:25 am PST by
In September, Apple said that it would be launching Powerbeats Pro 2 in 2025, and it appears the wireless earbuds are coming very soon. Powerbeats Pro 2 images found in iOS 18 code In his Power On newsletter today, Bloomberg's Mark Gurman said the Powerbeats Pro 2 are "due imminently." In addition to Apple filing the Powerbeats Pro 2 in regulatory databases last month, Gurman said Apple is...
Read Full Article57 comments

Top Rated Comments

cgs1xx Avatar
cgs1xx
23 months ago
So, Apple’s response was “aahh… sympathies” ?
Score: 28 Votes (Like | Disagree)
bunty Avatar
bunty
23 months ago
So we're gonna have our 989 post conversation all over again? https://forums.macrumors.com/threads/apple-responds-to-report-about-thieves-spying-on-iphone-passcodes-to-steal-your-entire-digital-life.2381922/page-40

The point is the passcode to unlock an iPhone can also be used to access or recover anything that asks for your Apple ID password...if you forget or pretend to forget your Apple ID password. Try it. It's all covered in the other conversation thread.

The screentime passcode can be circumvented easily. https://forums.macrumors.com/threads/apple-responds-to-report-about-thieves-spying-on-iphone-passcodes-to-steal-your-entire-digital-life.2381922/page-38?post=32028392#post-32028392
Score: 27 Votes (Like | Disagree)
brandoman Avatar
brandoman
23 months ago
All one has to do is turn on Screen Time > Content & Privacy Restrictions > Passcode Changes > Don't Allow. Be sure to use a different passcode for Screen Time.

Oh, and Account Changes (Don't Allow). Thanks for that tip @ypl.

Score: 24 Votes (Like | Disagree)
RamGuy Avatar
RamGuy
23 months ago
Is this even the case anymore? When I try to disable Find My, I'm prompted for my Apple ID password, not my passcode. Same if I try to log out of iCloud, this requires me to disable Find My as a part of the process prompting me t verify with my password, not my passcode.

All of this is common sense. You can't expect a 4-digit passcode to be all that secure. If you feel paranoid, use an alphanumeric passcode, aka password, instead.
Score: 21 Votes (Like | Disagree)
ELman Avatar
ELman
23 months ago
Essentially, be responsible for the device you own. It's not our issue.
Score: 20 Votes (Like | Disagree)
zorinlynx Avatar
zorinlynx
23 months ago
This would be less of an issue if iOS didn't randomly fail to FaceID and ask for a passcode, often at the least convenient time.

I wish Apple would get this resolved.
Score: 19 Votes (Like | Disagree)
Read All Comments