In yet another sign of the mobile-first world we live in, even muggings and robberies are starting to take on a tech-savvy flair. That was the case during one 2017 incident in Washington DC, for example, when a woman was leaving a metro station and a teenager got the drop on her, grabbing her around the neck. He instructed her to keep quiet and to delete her iCloud. Then he grabbed her iPhone 6S and took off.
Philadelphia was hit by a round of similar incidents last month. The common link in all of them was a thief pointing a gun at the victim, demanding their iPhone and commanding them to disable the “Find My iPhone” feature in addition to logging out of iCloud.
Those encounters are part of a revealing new look by Motherboard at how thieves and hackers are getting savvier at bypassing what are generally regarded as the iPhone’s secure protective features through a combination of low-tech and digital means. As a reminder, an iPhone can only be linked to a single iCloud account, which is intended to keep the phone secure and make it a less tempting target for thieves, who would have to figure out how to remove the iCloud account from the phone to make it worth selling to someone else.
Per Motherboard: “The iCloud security feature has likely cut down on the number of iPhones that have been stolen, but enterprising criminals have found ways to remove iCloud in order to resell devices. To do this, they phish the phone’s original owners, or scam employees at Apple Stores, which have the ability to override iCloud locks. Thieves, coders, and hackers participate in an underground industry designed to remove a user’s iCloud account from a phone so that they can then be resold.”
Underground industry sounds like a pretty good description of what’s happening here. There’s a growing bag of tricks that thieves can dip into in order to get into iCloud-locked iPhones, with popular ones including the creation of fake receipts as well as an oldie but goodie: the classic phishing scam. Phishing kits are even starting to be sold to less savvy iPhone thieves.
As far as the fake receipt approach goes, that involves thieves whipping up fake receipts and invoices to trick Apple into thinking they’re the phone’s rightful owner. That’s done via tricks that include social engineering at Apple Stores, but Motherboard reports there are also “custom phishing kits for sale online designed to steal iCloud passwords from a phone’s original owner.”
Here’s another interesting fact: Even some unnamed repair companies are wading into this territory, with some of them becoming actual customers of companies that illegally unlock iCloud accounts.
“There are many listings on eBay, Craigslist, and wholesale sites for phones billed as ‘iCloud-locked,’ or ‘for parts’ or something similar,” the Motherboard article continues. “While some of these phones are almost certainly stolen, many of them are not. According to three professionals in the independent repair and iPhone refurbishing businesses, used iPhones — including some iCloud-locked devices — are sold in bulk at private ‘carrier auctions’ where companies like T-Mobile, Verizon, Sprint, AT&T, and cell phone insurance providers sell their excess inventory (often through third-party processing companies.)”