While Apple continues to emphasize its commitment to the privacy and security of its users, the latest incident shows that the company’s recovery key system is putting its users at risk. The feature is supposed to help users regain access to their devices if they lose or forget their passwords. However, it has become a double-edged sword as cybercriminals exploit it to gain access to users’ confidential data.
According to a recent report from CNN, a thief managed to steal a user’s iPhone and gain access to the device using the recovery key. The thief simply entered the user’s Apple ID and password and then used the recovery key to reset the device, locking the user out of their own device as well as other Apple devices connected to the same Apple ID. This also gives the thief access to the owner’s Apple Pay app, so he could easily steal money from the owner’s account.
How do the thieves go about it?
In busy areas, such as at a party, in shopping areas or at tourist attractions, the thief offers to take a photo of a group. In doing so, they “accidentally” hit the lock button and ask the owner to re-enter the lock code. Most owners do this without covering the screen, after which the thief knows the lock code. Then the photo is taken, and later, in the crowd and while the owner is not paying attention, the theft is quickly accomplished. Now that the thief has the lock code, the device ID and the device itself, he can go to the Apple website and request the recovery key. Once this key has been requested, the former owner is completely and irrevocably logged out of his Apple ID and has no access to any Apple devices that were connected to this ID (Apple Watch, iPad, etc.).
Apple responded to the report by saying that its recovery key system is a secure method of recovering accounts and that the company is actively working to improve its security measures. However, this is not the first time Apple has faced privacy and cybersecurity issues with its devices.
Just recently, in 2021, Apple was hit by a major security breach known as the “SolarWinds hack,” which compromised the security of several high-profile companies and government agencies, including Apple. Although Apple has not disclosed the extent of the damage caused by the security breach, it shows how vulnerable even the supposedly “most sophisticated cybersecurity systems” are, especially considering how much money is being spent on marketing related to the new security and privacy tools.
As more and more of the data in our lives is stored on digital devices, strict privacy and cybersecurity measures become more urgent. Therefore, it is important, and not only for Apple users, to remain vigilant and take proactive steps to protect their sensitive data.