iPhone Thief Explains How He Breaks Into Your Phone | WSJ
Vložit
- čas přidán 20. 05. 2024
- Thieves are stealing Apple iPhones, passcodes and thousands of dollars from their victims’ bank accounts.
WSJ’s Joanna Stern sat down with a convicted thief in a high-security prison to find how-and how you can protect yourself.
Chapters:
0:00 Vulnerability in Apple’s software
1:28 Getting the phone and passcode
3:33 Getting into Apple account
4:33 Getting into the money
5:55 Selling the phones
7:21 Protecting yourself
8:40 The future of iPhone theft
Tech Things With Joanna Stern
Everything is now a tech thing. In creative and humorous videos, WSJ senior personal tech columnist Joanna Stern explains and reviews the products, services and trends that are changing our world.
#Apple #iPhone #WSJ
His apology at the end was about as genuine as a three-dollar bill.
He's sorry he got caught lol
I suspect his lawyer warned him to pretend to be remorseful during the interview. It did not seem sincere. It seemed more like he was holding back a smile.
🤣🤣
"I was homeless, I didn't have a job"
Does it actually matter? Entire system built with huge vulnerabilities and he is only one person taking advantage. And its not like he's done something like ripped off millions from people, like so many white collar criminals
Rule of thumb. Treat your phone like an ATM in public. You wouldn’t take money out while someone you didn’t know was watching you.
FACTS
Yes try to remember my 16 alphanumeric with characters passcode that I don’t have to enter in public because I use FaceID. So no. I don’t really care.
😂😂😂 This whole well prepared fear show is about trust us and give us your finger prints and Face ID, you can trust us .
or just get an android
@@oraclejoe3471 I’m one of those weirdos who carries both an android and iPhone around. Two separate plans. I like them both. Where’s android you have the freedom, where’s ios you’ll have a near polished experience plus iMessage.
But androids on par with iPhones security wise.
“Faster than you can say supercalifragilisticexpialidocious” took me out 😂 he’s a quirky thief
😅
U not alone on that one 😂😂😂
He seems "smarter" than the average black dude ............
Exactly😂😂
@esousa486 because he isn't black but Hispanic
The biggest vulnerability in cyber security are the users
being black
Users are almost always the weakest link
Wise man once said, the easiest software to hack isn't the programming, it's the user. Most hacks are not hacks but people who get phished and give up their info without thinking. Want to break into a company's system? Phish the employees or get them to download a piece of software via a malicious site which the idiots then take into work in a thumb drive and plug into their computer at work.
Facts
@@maxking3148I work in Cybersecurity & your wrong. The sophisticated criminals are now using pre-developed tools & they have offices, salaries, sick and holiday pay and other benefits.
Dude definitely doesn't sound like he has any regrets. He isn't sorry for his actions, he's just sorry that he got caught.
“Sound” he’s did this interview perfectly with some humor. You want him to cry mid interview? 😂 goofy ahhh indian boi being racist in the internet 😂 smugmydck
Nope, he will go back at is next time and being extra careful knowing the mistakes he did last time,,, Definitely not sorry.
It's easy to punish a single person when they do bad. Much harder to punish governments or businesses, especially when it's a much more complicated and opaque situation. Maybe use better reasoning to how you think about people and governments.
@@Bbbbffu Nobody expected him to cry bozo. He could've simply owned up to it and empathized with the victims. But instead he chose to play the victim himself and used 'homelessness' as an excuse to downplay his actions
Also I love how you projected your own internalized racism onto me by accusing me of being a racist (the irony), despite the fact that i didn't even mentioned his race/ethnicity in the first place
What happens when you buy a $1500 phone and pretend you care about society, others, etc. Someone gonna challenge you on it.
This interview was definitely part of the plea agreement 😂
Hahahaha
he still got 94 months
First thing I thought
Nah...
Had to b cause what bro this is anything
"but first they gotta hire me" that caught me off guard 😂
😂😂😂
🤣😂 he ain't sh💩t
Direct TV hired the guy that hacked them.
Reminds me of that movie “Catch me if you can” whose main role was played by Leo DiCaprio. The guy is a conman who ended up in prison and then getting hired by banks to teach them about their vulnerabilities, if I’m not mistaken
apple hired the the developer who made cydia
He was making $20k a weekend, $1-2 million total and gives us a sob story about being homeless and "just needing to feed his kids"? Yea, no.
"i couldn't find a job"
you dont say???? companies chose NOT to hire a guy with neck tattoos?? 😂😂
@@dreamybull1509it's 2024 your take is tone deaf😂😂😂😂 its literally CEOS and Execs with neck tattoos
Exactly! He’s a sociopath.
@@dreamybull1509plenty of companies hire people with tattoos that’s no longer a thing - he was just too lazy to get one leave it at that.
He’s describing it like an art form, when really, all he had to do is ask drunk people to unlock their phone in front of him😂
That’s the art
"they should hire me"
Exactly it’s the arrogance for me. He’s so proud of this as if he committed a finess only the smartest criminals could pull off. There is nothing subtle or intelligent about this hussle.
@@dffoosag3583there is no art to it, we can all do that but we chose to work a job because the consequences when caught is not worth….no wise man will make crime their career
They are just advertising apple products
I changed my passcode after watching this, and then immediately changed it back because I realized I never leave the house.
Thanks for reminding me!
😂😂
L😅😂L
😂😂😂 This whole well prepared fear show is about trust us and give us your finger prints and Face ID, you can trust us .
ok
“But then, they gotta hire me” Epic 😂
"I was homeless, started having kids, needed money, no job" wat a logic mane
Yea, ruined the kids' lives being in prison not paying child support
Sad how they always make kids first and then try to "figure it out" instead making a safe household before procreating and give kids the better start in life they probably never had.
atleast they are set for a long time@@MoneyMan28
Usual suspect ..... But this one is more "clever" than others
@@esousa486 yeah, if he was doing that before having kids would’ve made more sense. Sad how a lot of people turn to fraud and call it “taking care of family” or just drugged up pop out 6 kids for tax benefits then flex online saying it’s them “making bands” and never even show kids, the actual breadwinners, photos.
I find it shocking that the victims would just hand over their phone to a guy they just met (who offered to sell drugs to them)… How careless can you be…?
As careless as alcohol makes you. Alcohol shuts down the logic part of the brain.
they dont want to seem racist.
those beta boys get scared of a "big" guy like this... that's why he targets them
Did you see the guys in the video he went after? Those guys are easily intimidated, so it looked like he choose his targets based on how wimpy they were. We are also told to worship people like the thief in his video because of our ancestors past sins I guess.
@@Fighter4StreetWe are not told to worship thieves.
What are you talking about?
I'm not an apple fan or user....but calling "Apple vulnerability" the act of drunk users giving their passwords away is crazy
I mean, allowing your minimum 8-character apple ID password be changed by simply knowing a 4-digit passcode *is* a vulnerability.
@@Zullfix they recommend you using a 6 digits....and they tell you all the implications of leaking that password. It's the same with Android and even windows PIN. It's a key to everything. It's a feature that makes our lives easier, but if you give that key away you're making criminal's lives easier (=
Fr, apple fans will defend anything. Humans are the biggest vulnerability but not fixing that exploit is hilarious to me.@@Zullfix
Yeah rrrright, but calling some decade old features "innovative" is craziest
The vulnerability is in apple’s simplified design where a 4 digit passcode can end your life basically.
He's suppressing a smile while he makes his apologies... not the expression of someone who is sorry.
Imagine if people were this proactive with things that matter and bring good.
Chilling reminder that a simple 6-digit code can unlock your entire digital life.
More like a f**king security disaster from apple and those banking apps.
If you let it.
so this. all of what happened here is the peoples own fault@@mattbrown8139
Dude, don’t give your passcode out to people and when you’re in a public setting use Face ID don’t put in your password. This is just common sense.
Why should we setup passcode to custom Alphanumeric code? Well, a 4, 6-digit code are enough to enter just a second. Sometimes Face ID takes a while more than few seconds. And if you setup custom Alphanumeric code, you won’t enter long passphrase in public because of convenience. Make right angle, or retry Face ID are faster than enter passphrase(more than 25 characters). That’s how custom Alphanumeric code can protect iPhone and our digital life from thief.
The way he apologized at the end it really shows he’s a genuine guy and won’t do it again. 😂
Ofc he obv won't do it the day he gets out
😂😂😂
He’s sorry he got caught
yup, he’d definitely target you😂
@@dynamo1796 yup
Theres also the possibility to lock password changes and iclout changes in screentime -> content & privacy restrictions where you can lock different things. That was there already for some time and its basically to restrict children. But can easily be used as precaution for thiefs (or against repairshop people) aswell 🤷♂️
Thanks for this important information. I was able to go in and lock everything I needed even my wallet
Thais is amazing, thank you so much!
Don't be dim your phone is not
Smart neither are you
But the hacker is to a degree
He already has all the information
To hack your information even
Child mode do not be silly
Stop online phone banking payment systems being hacked
You can't see
Being robbed you can see and feel
Thanks for this
8:57 Heartfelt apology with genuine remorse.
Even the reporter was scared of handing him her real phone. So she kept showing the printouts of her phone. Very thoughtful 👏
Nah, it just wouldn't work with the interviewing format to be passing a tiny device back and forth that the audience can't see. This was the obvious correct format. Plus she has no reason to be afraid of him stealing her phone. He's locked up. That would be dumb to do and he wouldn't be able to keep it or profit from it in any way.
He’s being interviewed while in prison. There’s guards in the room with them and they most certainly said NOT to hand him a real phone.
the reporter is at work doing a story she never has to hand over anything personal to a convicted felon
It’s prison can’t bring a phone
Iykyk
So if you pay attention he is not taking advantage of an Apple product, he is manipulating a person using social engineering. Also, this guy is a great example of a person with no repentance, when he gets out it’s right back to the same things.
Fr
How do you know ? I mean that part was funny. Maybe he is not showing remorse in front of the camera but man give people a chance. Just because he is in prison does not be he cant spare a laugh.
No. If you listen carefully this thief has a specific technique to exploit Apple devices. Specifically that FaceID can be changed to any face and that then allows users to empty bank accounts as there’s no check that the face is the same, only that there is a face. The secondary issue is the ability to change the passcode to iCloud without another factor (minor point as it’s not uniquely iPhone but it is a characteristic of apple products).
@@kpovibonsdani630no. Do not give them a chance. They will absolutely do it again. Dude who scammed me had the help of his father and we made a business deal together. Turns out his father's been doing it for years. It should be a deportable offense but since he is a fully realized citizen they won't deport him. It's crazy to even think about letting criminals stay here just because they became a citizen. They should be walking on eggshells for fear of losing citizenship at any time, but they just come here to scam people.
@@matthewyabsley how he gets initial access is the definition of social engineering, using the person to unlock the phone initially and exploiting that by either remembering the passcode or asking the person for the passcode. After he gains access then he can change the Face ID.
You should consider doing a piece on the other side of the story which is how Apple absolutely refuses to support the actual iPhone owner once their phone is stolen and they're locked out of their Apple ID, and they loose thousands of dollars of digital assests.
Scariest thing is that the Apple ID itself (the email address) can be changed, then you can't even start account recovery as you don't know anymore the Apple ID to restore.
how does that work? are they protecting the owner from a scammer getting into their phone or what? They can't just let anybody access without proving.
I think those things are kind of at your own risk. Banks won't help you either if you give someone your PIN and they steal your money. Of course, these guys aren't going to admit they gave out their passcode because they were trying to score drugs or be attached to the next up and coming rapper. While it may not be foolproof, I don't put financial things on my phone in hopes of preventing things like this. I also don't have an iPhone. 🤷🏾♀️
The same as WhatsApp, if your phone is stolen and the SIM removed, the attacker can still assume your identity to speak to your contacts. You can not get back in and they refuse to block the account as there is still no way to after 7years of reporting this.
I was homeless, started having kids, couldn’t find a job… just about the opposite of a life plan
😂😂😂
😂😂😂
🤣🤣🤣🤣🤣
Social engineering is the one and truly vulnerability cybersecurity cannot seem to shake off
my advice is that people do there research manipulation techniques shouldn't be that effective yet it is , probably due to lack of education
software security has become a lot better today compared to years ago. Criminals have to choose the easier way, social engineering. No more good ol hacking (breaking into a device or network without touching it) by exploiting software flaw... well, there is but not as many as social engineering hacks.
You dont need social engineering to unlock an iphone.
@@Teluric2 How does one physically acquire a phone to unlock it ? You have to CONVINCE someone to hand it over if you don't have an eye level view. This is why he said he selected drunk college students....So while you may not need social engineering to unlock the phone, you need social engineering to get the phone so that you can unlock it.
@@jyeviolegrace2143 It’s easy because too many people live life comfortably. They go around as if any given thing can’t happen to them because it hasn’t happened yet. You don’t need to research anything to figure out that giving a stranger your phone and the passcode willingly is stupid.
On Android you need to re-enter the passwords on each app that uses biometrics after biometrics change. A bit annoying but clearly useful
Evidence that iOS isn't as secure as people say it is
Lol, if this was Instagram, you'd get hate speech immediately for saying this.
He did say he stole androids . I guess you missed that part
@@Jst4vdeosdon’t buy drugs kids. Simple.
@@Underdog271 stealing and accessing banking are very different. Android forces you to re-enter the apps password if there has been a biometric change
Great video report. Heard the Journal podcast, now seeing this, I thank Joanna Stern. Very telling to see the perpetrator -- he is smart, adept and amoral. In his dreams he goes straight but really he's waiting for the next trick. What a waste of talent! Millions of people could do this, the bar may make it easier but a coworker could easily become the thief. I have a long code now, it's a pain, but it's worth the trouble.
Thanks for the tutorial
“I was homeless then started having kids” 🙄
Like what?🤦🏾♀️ sex should be the last thing on a homeless person’s mind! 🙄
😂😂😂
@@mayberryfiya3528you’d think that but sex is at the bottom of Maslow’s pyramid along with water, food, shelter etc. It’s just a physiological need.
That irritated me so much 😑
Bros definitely scheming something else once he gets out 😂
Man’s said there’s going to be new tricks when I get out 😭😭😭😭😂😂😂😂 he gon get out and run up the bag again
Thanks for the tutorial bro very helpful
Ikr I’m so glad for this training, my new career starts tomorrow 🥳🎉
Excellent journalism work, Joanna Stern. Because of your reporting, millions of iPhone users will benefit from iOS 17.3 and beyond. Who knows if you can even put a number to how many lives and heartaches you have saved with this critical reporting. Very impressed.
It’s not excellent journalism I just discovered on Reddit that they said this was nothing more than a made up fear mongering piece of 💩 that black guy has a IDMB and he’s an actor so this is all made up think of Jerry Springer
Sadly many iPhone owners don't want to admit Apple is at fault too, they blame the person
@@americanfreedomandworldpea6912so its the banks fault if someone watches you put in your debit card pin, mugs you, and goes on a spending spree? I think not
@@phothewin6019please explain, what is special about the Pixel 8 pro’s security settings out of the box?
@@EndOfLineTech once they gain full access to your phone number and Apple account, they can gain access to your bank or payment apps via by 2FA or forgot password reset (reset link via email or text). I was a victim of a "SIM swap scam" and they tried to send themselves money on a payment platform I had, not my bank. My credit card was saved on the payment app. Password was reset via email and text message security code reset.
This is just one of the many problems you have to worry about if you are in the habit of going to bars, getting drunk and talking to strangers offering you drugs!
Also, the banking apps that let him open them by face id have horrible design flaws.
Most of the apps these days won't let you open them with faceid if a new face has been added.
It's really weird that banking apps don't have this feature..
I’ve heard of people having a “drinking phone”, usually an older or cheaper model with nothing important on it, just a SIM with a PIN code. Or just a cellular smartwatch, which locks the moment it’s taken off a wrist.
@@B.D.F. I have a drinking phone and drinking car in case I get in an accident driving home.
Talking to strangers offering you drugs sounds insane to be honest, i always have my own stuff
I got my phone stolen twice
7:25 thanks for leaving this in 😂😂 what a player 🎄⛄
thax for guide
In my country, the scary thing is criminals forcefully take the phone from you and kidnap you for a couple of hours where they drain you out. So even if you put all these measures in place. If they have you under armed hostage there's no way escaping it.
Are you in SA?
If not doing what they tell you to do would result in a state of person not breathing, that would just be a summary of your country's crimes in general.
What is your country?
That’s the most extreme situation though
well, relocate.
He’s 26 years old looking like he’s going on 45 😂
Yeah that's what prison will do to you
Good video. Good journalism. 🤙🏽
2:38 😆 “ I was like no” sure 😂
Thank you! I said so everyone's just going to let that go? 😂😂😂
He doesn’t sound like he is being honest if he will do it again.
He's having an interview that will be broadcast to the world, of course he's not going to say that he'll be back with the old gang 😂
What does honest and sincerity sound like again ? A somber tone a with a sweet smile etc . Calm down the dude is in prison volunteer information that doesn't help him in anyway . Appreciate the information that was provided and move on.
🤡. He’s giving you honest advice.
I largely credit Joanna’s report for Apple’s new security measures, it was a massive oversight that I’m glad got addressed.
Absolutely, I mean Apple employs some of the smartest people in the country and around the world. I'm very surprised this type of vulnerability wasn't discovered from within. I was a little worried that Apple had decided not to address Joanna's orginal report, but I'm so grateful they did. I feel like Apple owes Joanna big time.
Apple could do more to lock apps and folders with additional layers of security.
@@dazwhit I agree, locking apps should be a feature soon. Even if some crypto apps have that built-in, it should be an option for every app on the phone.
It really didnt
no matter what ...just know the C.I.A. and MOSSAD can break into your phone faster then u can say " hi "
"You wanna buy some?" "Nooo" while tweaked out is wild
Excellent journalism 👏🏻💐
I believe creating awareness among people is extremely important in order to avoid further incidents and victimization.
He's sorry he got caught you can tell that was a high for him like a drug for a junkie 😂
He gonna do it again
@@cherylblossom9163He will do it again. Because he doesn't respect the law.
Hope he's being honest not just to the camera but to himself and he actually does do better in life.
Hoping never works.
@@mpetty9947 neither does force or coercion and theft and manipulation put one behind bars as he found out. So hope is a virtue which far surpasses a vice
It's called using face id or finger pint. i never put in my code out in public. And i have two factor identity activated to another number which is only used for the codes
Yeah, that helps when you not give your passcode or unlocked phone to someone else but those „victims“ does exactly that…
And with that even 2factor or biometric security will help nothing…
Cons and pros for finger print/face id..when u were sleeping/unconsious /even dead.. they could use you to unlock the phone.. There was a case..teenager murdered by her bf,and the family didn't know.. cause her phone still replied messages from family, her phone used finger print as lock..they didn't know she was murdered,her bf used her finger to unlock her phone to reply the messages..
@@fen-7899 at least that is no issue under Face ID, when you set up attention mode Face ID only unlock when you look into the camera and during sleep or when you even dead this will not work anymore and with that you need the passcode…
very smart having the other number just for 2fa codes.
Why tf would you hand a stranger your phone?!
Pretty common in the US when giving out numbers and Snapchats.
@@Weronzyreally? Thats common? I guess being an idiot is common then. It’s like if someone asks you for your phone # or address and u give them your wallet to look it up, why would u do that
@@jicalzad ask them? 🤷🏻♂️
Hey man I left my keys and phone in my car and I'm locked out. Can I borrow your phone to make a call?
I love how many of you don’t know that guides access exists
Correct me if I'm wrong here, but some banking apps will actually close the session and force you to log back in using your password if your biometric authentication has been tampered with.
Don't save your passwords in your notes app without password protection, and don't enter your passcode in front of other people.
This guy doesn't really seem sorry or too regretting, I feel like he will just go out there and do some new techniques once he's out.
Yea that is true, changed my passwords and face id and bank app required me to input banking password and forced log out
Of course they do. This is nothing more than a fear, mongering piece. I wouldn’t even surprised if this was all a fabricated lie in that black guy was just an actor.
If they have full access to your Apple account and phone, they can press forgot password and reset it. Plus not everyone use biometrics for banking, plus fingerprint stops working after awhile as your hands becomes dry and cracked. Face ID could be hacked by simply putting the phone to the person's face, maybe while they're sleeping or if knocked out or worse... Or just when you're conscious and they put the phone to your face and then run away
@@americanfreedomandworldpea6912that's not true, the users eyes need to be open to unlock FaceID, you'd literally need a hyper realistic mask costing thousands of dollars or force the person to look at the phone
actually samsung pay does this! apple pay should do too.
How about fingerprint scan security lock? Are there vulnerabilities to that? My Samsung is on fingerprint unlock for both android and all my bank accounts.
If you got incapacitated, how hard would it be to unlock your phone with your fingerprint?
I absolutely love Joanna Stern's videos and reporting, normally because they are funny, light hearted and informative. In this case, Joanna has done an excellent piece of reporting that will probably save a lot of people from having their tech lives hacked. I've had my phone stolen before but literally it was only the phone. My life didn't change. However, if my bank accounts, etc were compromised, it would honestly be devastating. Joanna's perseverance will help many. Thank you.
He said he was homeless and started having kids . That was a smart move.😂
My eyes got so wide when he said that!!!
Excellent reporting!
Great video. I admire that this guy went in front of the camera. I am surprised how a highly secure device like Apple can be abused. I think that because of your video, the security elements will change. Apart from those that have already been added after your calls.
When you buy anything with an IMEI number, make sure to have a photo of it and have that number in your personal safe for your records. Pawn shops require you have your personal ID to sell anything and the product's IMEI. As soon as your stuff is missing, you can use your IMEI and report it to the manufacturer and authorities so that if your item is scanned in at like a pawn shop, an investigation can be started. I haven't worked for a cellphone company in a hot minute, it's been about 5 or 6 years now, but the IMEI numbers used to show up in the systems whenever an active SIM card is in the phone and can be black listed and it's location can be given to the authorities based on the towers it last pinged off of.
Problem is IMEI cloning. Also, most cops will not even bother with stolen phones, only cars or very higher value items.
Ya I’m sure that works in all countries EXCEPT South Africa my beloved country 😂
Lol, I know at least 4 or 5 pawn shops right now I could sell them anything and they won't even ask for an ID.
There is no accountability, made kids while homeless. Then decided to rob people because of his poor decision making.
BLM
Yup. Probably on food stamps and government assistance too; thanks to hard working, responsible tax payer money.
I don't know if its an american thing but i never understood why people in the US give their phones when adding someone as contact instead of asking their number or userId and then saving it themselves. It almost takes the same amount of time.
A couple of days back i was watching a video about a server in a restaurant somewhere in the US who swiped thousands of dollars from customers credit card simply because in the US customers just hand over their card to the servers to pay whereas in most other countries that i know of the server brings the card machine to the table or you go to the cash counter to pay (usually in small establishments).
I think people should be more careful whether its their credit card or phone because phone contains all your personal data and even money and just don't give either in the hands of random strangers even if it makes u look rude for a moment
96 months to think of another way to break into Apple’s new iPhones and NOT get caught. Greed already got a hold of him and he’s not letting go.
Thanks for covering this. This happened to me and it’s encouraging to see increased awareness. Excellent journalism
Do you use face id?
This is a Commonsense issue. Pay attention to your surroundings.
@@commonsensebuyerlol oh didn't think about that, great insight
He will be doing this again once released and hoping he won't get caught.
I wish I could predict the future like you . What are the winning lotto numbers ?
@@sumguy9120 Did you listen at the end of interview of what he said? 🤡
@@sumguy9120because he totally regrets earning $20k a weekend, sure🤡🤡 the only thing he regrets is getting caught.
He could be recruited by the FBI cybercrime division to aid in the capture of more iPhone stealers.
Feds gonna be on him.
Scary!
thanks for the idea
You can actually get around what he’s doing if you go to screen time and you add a screen time password and add a completely different password and then you can prevent your Apple account from being changed off the phone
“ I was homeless, I didn't have a job, started having kids” Seriously no job no home but make kids?
He wants his kids to be homeless too just like daddy in prison
I’ll never under comments like this- stop thinking like you. Start thinking critically and empathetic: you don’t typically go from a nice stable home , with an education and a support system to being homeless. That’s rare. He was hella young and homeless.. which means he probably never developed or was stunted in matters of impulse control. So they are having sex. Because it’s nature but literally are not capable of visualizing the consequences
Someone who’s had stability would say hey I am not financially ready I wanna have sex but not kids.
But to me what you’re saying is like “wait so you were broke and still spent money on drugs?”
Yes. Because logic and forethought are gone.
He stole and should be punished but when I see that nobody wants to give an ounce of understanding or compassion I begin to believe this will be a cycle that will just keep happening.
@@99names16 Well, then you should try to learn from a rock on how to Not make a kid.
One kid costs like $100,000 dollars from 0 to 18 years. Use your brain if you have one
WHAT IS BEST MODEL OF THIS ANTENNA ???
If they change your account email then Apple have no ability to trace your account on their system. This seems a massive vulnerability
Yup, the key is not letting them into you Apple account even if they get the passcode. 2FA.
Kind of wild that you can change the face and still get unrestricted access to banking apps. Those developers should demand the ability to detect that (e.g. new FaceIDID) so they can require a brand new login once the face is updated.
That's really what shocked me. Easy to implement.
All my banking apps require the actual bank numbers, codes and passwords to be re-entered if the faceID is changed.
Yes!
Yeah. That too. But also, asking for an *Apple ID and password* before allowing somone to change FaceID.
It baffles me that their optional "fix" is a geolocation measure buried in the Settings and not just asking for the user's password.
All my banking apps are locked if the biometrics get changed and they've been like that for years. So the ability to detect it is there, but clearly some banks are lax about security. Someone being able to reset my Apple ID password with only the passcode is a bad thing, but it will never give them direct access to my bank accounts.
This happened to me in NYC. My case is still open and my suspect is in jail waiting for trial. I would like to talk to WSJ to go over details and my ongoing case, I have a crazy story to tell.
They created a 28 character recovery key, they opened credit cards, applied for much more. I am still living in digital lockdown, I have not gotten my icloud back either.
I’m curious as to how they got to your phone in the first place, and how were they able to unlock it?
@@tjr4459Some people are just really good with numbers..
I remember numbers. I know all my friends & family's passcodes just from them opening their phones while I'm seated next to them.
A few years back, a fellow in the seat in front of me on the bus, gave his credit card information to someone on the phone - I still know that number and expiration. I told him at the time that he should be glad that I'm an honest person and not to do that again.
I see this behavior all the time. User error. 😢
(BTW, have a $190 android phone with no data in it, a mathematically complex password, and never open it anywhere near anyone.)
@@tjr4459 In my case, they had friends that scoped the code, then gave the people that brutally assaulted me the code as they stole my phone. It was a whole operation, 2 people assaulted me, 2 others scoped out my code. Thats a long story short.
@@HunchoVidsabsolutely appalled by Apple's lack of action, your iCloud still locked?
You can tell he is filled with remorse, truly heartfelt.
i hope this is sarcasm.
Yes please. I would love a video that does a deep dive on the *Metaspyclub* project
I’m surprised it lets you add a new face and just take over bank accounts set on a prior Face ID lock mode. The apps should be responsible as well partly to store security data like that and make you login via the actual password set for the banking app for example if the face is removed and a new one added.
Bank in UK NatWest , you use your face ID to open the app however to add ,change approve a transaction you need to verify it's you for example if you add new payee you need to verify it's you in the app this is independent from apple face ID ,you set this up when you download and log in first time, it takes a picture of you.
The way iPhone security works is that your biometric data (FaceID/Fingerprints) are never shared with any of the apps on the phone. They just query the phone and the phone responds with whether the challenge passed or failed. There's no way for apps to validate your info unless they also made you input a password in addtion to the FaceID or TouchID login, which would obviously annoy people. This one is on Apple to fix.
So basically apple should notify all apps that biometrics changed, so that they re-ask
@@CutiePi I get what you're saying but what you're missing is that they will just ask if FaceID sees a match, and it will say that it does. FaceID can't tell whether or not it is the same match as before because that old data was wiped clean by the thief. Apple does not let the biometric data out of the FaceID or TouchID chips themselves. Even the iPhone's operating system doesn't see that data, it just gets what's effectively a "match" or "no match"...your biometrics stay on the FaceID chip for security and privacy reasons and as a result it can't pass on details to the apps installed on your phone either.
@@Invid72Apple could offer a hash to prove that these face id results generated this hash for the app, if one face is removed or added to their list, the hash is different and require to re login. Android already does it, not sure how its done on Android, if anything was changed about finger print settings, nearly every app requires a relogin to enable fingerprint again.
Here's a tip - set up a screen time passcode, and use it to lock account changes. Make the screen time passcode different to the one used to unlock your device. This way even if someone had your device passcode they would also need the separate screen time passcode to make changes like reset your Apple account password.
Exactly. I work for a major carrier, and after every iPhone purchase, I take the time to teach buyers exactly that. “Don’t allow” Passcode changes account changes and cellular data changes. And turn on “findable after iPhone is off” and finally don’t be like these two idiots on this video 😂
Thanks for the tips! Just set this up on my phone 🤍
Unfortunatelly no! That's a myth! Screen Time Passcode can be reset with regular Passcode!
@@GokuUzumaki93 You use a use numbers only. Then you are like 99% of all the Apple users I have met.
No it can't, otherwise it wouldn't be very useful as a device lock. It can be reset with an Apple ID, which the thief doesn't know and can't change because account changes are locked.
1:12 do not turn this on. thiojoe covers this more in depth but all it does is allow access to your phone if you are at a "familiar location." it's not secure because if they simply figure out this familiar location they can skip a lot of security steps that they'd have to go through if the feature was off.
Good journalism right here
Apple needs to add this stolen device protection to iOS 15 and 16 as well, as they are still being supported with security updates.
No
@@noyes.yes
Good thing I’ve never used finger Touch ID and Face ID on any iPhone ever. It’s insecure.
no, just use ios 17
the only reason to stay back is if you're a jailbreaker/sideloader
if you're either of those then you can probably do better
@@tomikun8057 I don't mean for people who use supported devices on those older versions, I mean for people who use devices that were dropped with iOS 16 and 17, the iPhone 6s, 6S plus, SE first generation, seven, 7+, eight, 8+, X, iPod touch seventh generation, iPad mini four, iPad Air two, iPad fifth generation, iPad Pro 12.9 inch first generation, and iPad Pro 9.7 inch.
None of this is possible if Apple asks for current Apple ID password instead of 6 digits passcode before letting you change the Apple ID password
Yeah, but what if you forgot your Apple-ID-password? You would never be able to log into your account again...
@@ChrisMustermann That’s why sometimes listening to customers isn’t the best idea 😂😂
@@ChrisMustermann2FA, most people have more than 1 Apple product. If not, a recovery email should do it
@@ChrisMustermanndon’t you have to put in an alternate email when you make an account or something?
@@ryleypalmer Can’t remember how it was several years ago when I set up my account. Over the years their safety-mechanisms changed a lot.
This guy is actually crafty, if not smart. There are people like this everywhere. They are on 24/7.
MacBook password is 15-digit alphanumeric and I at times get locked out as it's a slight variation of my other passwords.
PINs are useless
I still don’t see how his strategy works with anyone except the most careless and gullible people.
it indeed only works with the most gullible and careless people out there, but this group is bigger than you think.
So basically he locks the phone and then tries his face to unlock it. The phone doesn’t allow it. So he hands it back saying sorry man it’s locked and the stupid user unlocks the phone with the passcode and gives it back. In that moment he and his gang notices the passcode
Yes, that's how spam works. A person who can't spot obvious signs is a perfect victim.
That’s the thing. It only works if you’re an absolute moron or drunk. I’m not saying this isn’t worth reporting or that apple shouldn’t take extra steps to prevent this, but this really isn’t as scary as people are making it out to be. 99% of people will be fine because they were taught common sense
People are too trusting.
Dude is going to learn the new tricks when he gets out
What do you mean when he gets out? He's already learning the new tricks INSIDE prison lol
Stop being so negative, He will get a normal job and become a better person if someone gives him a chance.
I still got the 8plus with fingerprint. Should bring it back.
They should have never removed fingerprint sensors, I got a Galaxy S23 Ultra so I have a complex pattern passcode and fingerprint so this would never had happened to users like me who don't use numbers.
Unbelievable.
He definitely shot his shot with the "first you got to hire me"
"I truly am sorry" Yeah, and my grandmother is a virgin
Another way around this do this, go to Settings -> Restrictions -> Content and Privacy Restrictions -> In the allow changes section you can disable Allow Passcode changes and Account Changes
I see so many people speaking negatively of him and his actions however this is gold and a company should hire all the criminal minds. for that reason, they could seal up the gaps and vulnerabilities. These crimes' I mean "social experiments" (where people get their things back of course) could be studied and used in a CEU training program (The victims would have to go through to learn - get their items - money back)... Am I making this up or is this already out there? Honestly, because of their work, they would create new tech/human advances. We already know many crooks are brilliant, it could work!
You sound just like the guy who would go on to claim that this criminal is actually a good guy who did nothing wrong.
He is no criminal mastermind and just by watching him talk, one can tell he is not capable of being one. Targeting drunk people and then making them share their passcode and watching them type it in and then stealing the iphone itself is no big deal. He is just a petty criminal just like a pickpocket and not someone any company would hire. Maybe you're just defending him bcoz of the same old race thing but that guy deserves his jail time and some more since he isn't remorseful and will get back to doing this again as soon as he gets out
@@exelrodeif you haven’t been aware many big companies like apple ,Microsoft and other big companies did in the past hire criminals hackers ,why do you think they hire criminals hackers ?probably because they were able to find vulnerabilities on their products and they were able to exploit it .
@@Omar-kl3xp 👏🏾👏🏾Thank you!!! Finally someone put some enlightening on that “troll” 😂
I came to this expecting good tips and instead got “don’t give your phone passcode to random people posing as drug dealers”.
Yeah, now investigative journalism is basically just common sense.
He got straight to the point when he gets out of jail "there will be new tricks out"
😂
Bro definitely is gonna go crayyyyyy when he's out 😂
He said yeah new tricks gonna be out
😂😂😂😂😂
He is most certainly going to do this again. He has not regretted anything about this, except going to jail.
thats why andriod are alot safer with fingerprint sensors and also needs a password and code
Theyre safer cos of theyre poor resale value
This is not an "Apple security vulnerability". This is a user defect.
I always thought that the iCloud password is more important than the code. But to make it more convenient to the users, now the code is my important than everything else.
No, it’s an Apple-introduced vulnerability. The passcode was never designed to protect the Apple ID from the beginning. Now they made the passcode the most powerful thing, even more powerful than passwords. It’s bonkers
It's both. A 6 digit pin is as secure as your birthdate
Nearly all people have the minimum passcode of 4 digits on their phones, which is NOT enough to protect an online account. If you argue that the user shouldn't use such a short passcode, blame apple for allowing it to be that short. Even TOTP 2FA apps have a minimum length of 6 digits, and those codes are only valid for 30 seconds. This is not the user's fault, this is an inherit security flaw in apple's ecosystem.
Security is not just about providing biometrics or password protection, but also about identifying critical hacks and enforce preventive measures.
So... some blame is on Apple as well.
This is enforced in banking very much... limits on transaction amount from ATM, internet banking etc.
Thank you for the on-going effort of this investigative report, good journalism!
.....did they throw the book at him? No remorse whatsoever. People like him are "career criminals". I see him behind bars again in another few years....
"faster that you could say Supercalifragilisticexpialidocious" 🤣🤣
Min 4:10
Situational awareness is the key to preventing yourself from falling victim to one of these types of attack.
1. If you're in a crowd, find yourself a secure area to put your account PIN in. For example, put your back against a wall with your phone as close to yourself as possible so as to not allow anyone to be able to look over and be able to see you enter your PIN.
2. If you can't use method number 2, just like when you're at an ATM and you're entering your account PIN, cover your phone with one hand while inputting your PIN with the other. Again, this is to make it so that no one can see you enter your PIN.
Again, situational awareness is key. Know your surroundings, never leave your phone on a table or bar and if you do need to turn your head away, put your hand atop it to keep it secure and in your control. When you're in public, you need to be wary of everything that's going on around you including people; in other words, be paranoid of your device and your person. Always act under the condition that you're being watched and take precautions to minimize the threat.
The truth is Apple Inc love a guy like this guy because this guy is helping them widen their ecosystem. As for the people who lost their iPhones to this guy, will bet, they got another iPhone. Never hand your phone to anyone.
I don't do any banking through my phone. I have venmo, but I arranged with the bank so that you can't access the accounts through it.
Honestly, he just got good at being a thief, and had the social ability to sly people. When he gets out of jail, he's going to get a friend to show him the iphone, and he's going to find all sorts of new ways to underhand people again.
I mean, don't hand your phone to a random stranger and then give them your password. I feel bad for the people that had to learn this lesson but like, come on man.
I was thinking similarly. I don’t like anyone touching my phone due to germs as is.