Your iPhone has a MAJOR security problem (5 tips to keep you safe)

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
the iPhone has a problem and it's one that could impact absolutely any of the over 1 billion iPhone owners out there including you it has the potential to be catastrophic if you're targeted and apple seem to be either reluctant or unable to do much to fix it in this video I'm going to explain the problem to you and give you five practical tips that you must be using to keep yourself safe okay let's get into it last month The Wall Street Journal ran a story where they talked about a woman named Rayhan Ayers a New Yorker who had her iPhone stolen from her hand as she walked out of a bar in Manhattan not an unusual situation people have their iPhone stolen every day it was what happened next that made it unusual within minutes of her having her phone snatched she'd been locked out of her iCloud account on all of her connected devices including the MacBook computer that she had at home and within a few hours thieves had moved about ten thousand dollars from her bank account to theirs a link to the wsj video in the description of this one if you'd like to watch it but let me give you a really quick summary of what happened prior to Rayhan having her phone snatched she'd been talking to a guy at the bar at some point during the chat with this guy she took her phone out and unlocked it and it was this act that led to her being targeted and having a phone snatched this is because rather than using face ID or touch ID to unlock her iPhone Rayhan inputted her four-digit passcode to unlock it and it's this passcode that's at the core of the problem facing iPhones police believe that somewhere behind Rayhan while she was chatting to what was essentially a decoy was another person possibly people working with the guy she'd been speaking with at the bar and their job was simple identify the passcode as she tapped it in let's be honest a four-digit passcode is pretty easy to see if you're close enough to someone while they're typing it in especially if that passcode is easy to remember I'll Replay that video of Kanye West at the White House for anyone who hasn't seen it the rest of the crime was simple enough wait until she's leaving the bar at which point she'll most likely have her phone out to get an Uber grab the phone from her hand and then begin to exploit that passcode now you'd be forgiven for thinking that a passcode wouldn't be enough information for a criminal to do any serious damage with your iPhone but this is where things get messy and to illustrate my point let me show you how this crime works so on the screen now is an iPhone 13 Pro equipped with face ID which is the most secure form of authentication that Apple offer I've got face ID enabled on this phone so the way that I would usually unlock it would be to hold it up to my face and then swipe once I'm authenticated but if I obscure my face for a moment and try to swipe up the iPhone offers me a backup option for accessing my phone my passcode now this passcode is a six digit passcode which is of course better than a four digit passcode but when you create a passcode you can simply input a four digit numeric code if you like although more on passcode options in a moment we input the passcode and that's it you're into the iPhone now here's where things get really concerning Rayhan had a phone snatched from her hand not taken from a bag or picked from her pocket so she knew immediately that the phone was gone and she obviously knew a bit about tech because her Instinct was to use her friend's device to immediately log into her iCloud account in order to use find my to track her phone and try to remote wipe it both of which are things you can do with find my but when she went to log into iCloud on her friend's device she couldn't do it incorrect password in the time between her having her iPhone taken and attempting to log into her friend's device which she claims was only a matter of minutes the thieves went to work they would have gone immediately to settings then face ID and passcode reset or basically disabled face ID and change the passcode to one of their own all you need to be able to do this is the passcode by the way and it takes seconds and once that's done the thieves can lock and unlock the device as much as they like it's essentially theirs now but they didn't stop there they'd then have headed back into the main menu of settings tapped on the Apple ID at the top of the settings page then password and security then change password because look at what's required to give you the authority to change your password the passcode the one that the thieves just changed to one that only they know and this is where it gets really concerning this password isn't your iPhone's password it's your Apple ID password as in the one that you use to log in on all of your devices not just this iPhone change that and any attempts by the iPhone owner to log in on their other devices or even the web will fail it's likely that if the phone had a trusted phone number in this field here the thieves would have changed that too so the thieves are now very much in control of this phone and you can't gain access to it remotely what do they do next well chances are they'd have gone to settings and passwords because if Rayhan was a power user of her iPhone there's a good chance that she used iCloud keychain to store her usernames and passwords for easy access across all her devices I know that I do the problem of course is that armed with the passcode the thieves can now access this in its entirety they've now got a full list of all of rayhan's Saved usernames and passwords and can literally go through one by one picking out the most useful ones to give them access and once they've got access they can change the logins there as well think email PayPal in rayhan's case it was banking a banking app only required a username and password to log in meaning that the thieves had everything that they needed and even for those apps that required two-factor authentication that was an SMS text message that was sent to yep the phone that the thieves now had in their hand you can see how this all began to unravel very quickly oh and of course if the thieves were peckish on the way home from a busy night of generally being scumbags they could of course stop off for some food courtesy of your Apple pay because you're getting the idea of it now that can also be enabled with a passcode when face or touch ID aren't an option not only that with the thieves now firmly in control of rayhan's iCloud account they had access to anything that she was storing there that was of value to her sensitive photos maybe of her maybe of things like her driver's license or passport be honest have you ever taken a snap of an important document and stored it in your photo library for ease of use that's now in the hands of people you don't want it to be what happens next is very much up to the morality of the people who have stolen your iPhone but they have options radio bank account blackmail you with sensitive photos use your personal documents to commit identity fraud delete years worth of Treasured Memories from your iCloud photos the list goes on oh and to really rub salt in the wound you now we're always being told that stolen iPhones have zero resale value because they're linked to an iCloud account and unless they're wiped thieves can't do anything with them well once the thieves are done with this phone they have all the details they need to be able to wipe it and disconnect the iCloud account from it meaning that they now have a perfectly resellable iPhone that they can shift on the second hand Market sickening right now the biggest problem here isn't actually the passcode it's the fact that Apple's policy is to keep the passcode as a backup security option that gives the user the same access as Biometrics do it's a bit like the Pentagon insisting on people using retina scanners to enter the most secret parts of the building but letting them get in with a secret door knock if their retina scan doesn't work one day and whilst you might think that the solution here is obvious for Apple to Simply remove the option to input a passcode when face ID is enabled we all know that there have been those times where our fingerprint hasn't worked or face ID hasn't worked and we'd be really angry if we didn't have a backup option Apple In fairness to them have to juggle the convenience of more than a billion owners against the security of an admittedly small number of affected users ultimately for now at least it's on us as the owners of the phones to figure out what to do by the way if you prefer to have content like this in a written format there's a PDF to accompany this video and you can access it by joining my membership program where for a small monthly fee you'll get access to all video PDFs moving forward plus the growing library of old ones just follow the link in the description of this video this has become a channel member now a word of caution here before you panic a series of events unfolded here and some simple changes to the way in which you use your iPhone could massively limit the chances of you falling foul of something like this so let's talk about them use a strong passcode I don't think it's mentioned specifically in the wsj video but I'm guessing that the passcode that Rayhan used wasn't all that strong so step one is to use a strong alphanumeric passcode you do this by going to settings then face ID and passcode and choosing change passcode when here you can tap on passcode options and choose from a custom alphanumeric code a custom numeric code or a four digit code a four digit code is super convenient I get it but it's also really easy for someone else to spot and remember a six digit numeric code is more difficult a six digit alphanumeric code is much more difficult a 10 digit alphanumeric code is you get the idea it might be frustrating having to remember a meteor code but if Rayhan had been using something more substantial there's a good chance that the person watching her input her code might have gotten it wrong or deemed it too difficult to remember and then it moved on to someone else you need to find that balance between convenience and security here be careful when out and about the second thing you can do is exercise caution when you're out in public inputting your passcode Rayhan was in the perfect place for thieves to Target her a bar is dark noisy busy people have had a few drinks all of which makes it easier for someone to distract her while someone else looks to get her code it might sound extreme but think of the passcode for your iPhone the same way that you would the PIN for your bank account at a cash point you need to keep it secret so be aware of who might be around you when you get your phone out to input it and shield it from you wherever you can as you've seen in this video that passcode holds a lot of power use your Biometrics some people don't want to use Touch ID or face ID because they don't trust it or they don't trust apple or they think that Apple's In Cahoots with the Illuminati or they don't get on with it or whatever else but the simple fact is that Biometrics are infinitely more secure than your passcode is if Rayhan had in this instance taking a phone out of a bag and used face ID to access it the person watching her would have realized that they weren't going to get what they wanted and would have moved on to a new victim they need that code face ID or touch ID is useless to them we can debate all day about whether or not you should be putting your fingerprint or your face into your phone but you can't argue the fact that the passcode is the Achilles heel here so yeah use your Biometrics consider a third-party password manager this one really pains me to say because I'm fully into the Apple ecosystem including iCloud keychain for storing all my passwords here on my iPhone but also on my Mac and my iPad but there is a security risk with iCloud keychain as we've seen in this video I'm happy to use it because I never input my iPhone's passcode out in public I always use face ID and my passcode is pretty good but it's clear that if someone were to get hold of my phone and my passcode I'd be in trouble with that in mind consider a third-party password manager there's loads out there I don't have a specific one to recommend basically anything that allows you to have a separate password to access the password manager that way if people did get into your phone they wouldn't be able to get any further than that be careful what you store on your device when my wife and I bought our home a couple of years ago we set up an iCloud folder that we shared access to and used it to scan in all of the documents that our mortgage company needed us to send to them so that we could both access them if we needed to quickly send documents over we're talking passports driving licenses Bank details basically an identity fraud starter kit and I recently realized that we still had that folder sitting in our iCloud drive it's gone now but while the Temptation is there to store sensitive documents in the cloud thinking it's safe be aware that if the worst were to happen you could be pretty horrifically exposed and speaking of being exposed think about the photos that you've got in your photos app is there anything in there that could be used to Blackmail you if yes I think you know what I'm going to say get rid of them or at the very least store them somewhere separately where an additional password ideally not one you've got stored on your iPhone is needed so should Apple be looking to do something about this yes in my opinion they should be apple have acknowledged that crimes like this take place but have in my opinion hidden behind the fact that a crime like this requires multiple criminals and some major planning to take place in other words it doesn't happen that often or to that many people in the grand scheme of things and whilst that might be true that's not really going to help you if it happens to you what will help you is to follow the steps in this video to help keep you and your data safe what do you think anything else users should be doing drop me a comment and let me know and as ever if you found this video useful do please consider leaving me a like and subscribing to my channel for more content like this in the future see you on the next video
Info
Channel: Proper Honest Tech
Views: 703,309
Rating: undefined out of 5
Keywords: iPhone security, iPhone passcode
Id: BxB1Awsqsyw
Channel Id: undefined
Length: 13min 18sec (798 seconds)
Published: Fri Mar 17 2023
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.