Stolen iPhone - Criminals have full control and Apple cannot help!

[danclara]

I work in London and was at a restaurant/bar on Thursday. I use FaceID and have a 6 digit pin. During the night my FaceID must have failed at some point.

My phone went missing from my pocket and I realised within 5 mins. I was very suspicious. I instantly went on my friend's phone and attempted to login to my icloud. My password did not work.

Long story short from here but it had been stolen and the thieves had my passcode. They locked me out within minutes. There is a massive security flaw that allows this to happen.

I am reasonably cyber security aware (or so I thought). I had two step authentication set up on iCloud. I used my wife's number for this, thinking that makes things way more secure. It does not.

Apple allowed the thief to lock me out and change my password for icloud.

They have had full control of my phone and data for 5 days now. I can't disable my account and I can't login.

I am stuck in a recovery loop. 1 day later I had a new sim with my phone number. I can verify the code for this and also my wife's number. I verify the code sent to my email that I have regained control of.

Final request was for me to enter my bank card in full. I did this originally but I have had to cancel all cards as the thieves used my Apple pay to buy £1000s in Apple products!

I have visited an Apple store with my passport but absolutely nothing helps me. The power is with the criminals and I cannot stop them.

I waited 72 hours for recovery but then heard nothing. No sms or email.

I was told to try recovery again but it has gone back to where I was 5 days ago.

Meanwhile the criminals are using my WhatsApp to extort money from my contacts (1000+ of them) pretending to be me needing money. I have found out 4 have sent money and it could be a lot more.


I am powerless to stop this.

Does anyone know why my recovery is failing despite having all the information Apple asked me for?

Are the criminals with my device able to block my request from the device?

I haven't slept in 5 days with worry. They also sent threatening messages from my phone to my wife, with photos of my children.

Still Apple will do nothing to help. It is sickening.

 

[russell_314]

There's a MacRumors article with over 200 replies on this topic. It has been all over the news..

I don't think there's a patch for this yet

https://forums.macrumors.com/threads/apple-responds-to-report-about-thieves-permanently-locking-out-iphone-users.2387229/

 

[Vref]

I work in London and was at a restaurant/bar on Thursday. I use FaceID and have a 6 digit pin. During the night my FaceID must have failed at some point.

My phone went missing from my pocket and I realised within 5 mins. I was very suspicious. I instantly went on my friend's phone and attempted to login to my icloud. My password did not work.

Long story short from here but it had been stolen and the thieves had my passcode. They locked me out within minutes. There is a massive security flaw that allows this to happen.

I am reasonably cyber security aware (or so I thought). I had two step authentication set up on iCloud. I used my wife's number for this, thinking that makes things way more secure. It does not.

Apple allowed the thief to lock me out and change my password for icloud.

They have had full control of my phone and data for 5 days now. I can't disable my account and I can't login.

I am stuck in a recovery loop. 1 day later I had a new sim with my phone number. I can verify the code for this and also my wife's number. I verify the code sent to my email that I have regained control of.

Final request was for me to enter my bank card in full. I did this originally but I have had to cancel all cards as the thieves used my Apple pay to buy £1000s in Apple products!

I have visited an Apple store with my passport but absolutely nothing helps me. The power is with the criminals and I cannot stop them.

I waited 72 hours for recovery but then heard nothing. No sms or email.

I was told to try recovery again but it has gone back to where I was 5 days ago.

Meanwhile the criminals are using my WhatsApp to extort money from my contacts (1000+ of them) pretending to be me needing money. I have found out 4 have sent money and it could be a lot more.


I am powerless to stop this.

Does anyone know why my recovery is failing despite having all the information Apple asked me for?

Are the criminals with my device able to block my request from the device?

I haven't slept in 5 days with worry. They also sent threatening messages from my phone to my wife, with photos of my children.

Still Apple will do nothing to help. It is sickening.

Take it you can’t do a find my phone and do the needful?

Maybe ask the Apple stores for security footage? Though I think they probably would defend the criminals

Go back to the bar and ask for footage and maybe how they paid their tab? Maybe someone knows them?

 

[danclara]

Take it you can’t do a find my phone and do the needful?

Maybe ask the Apple stores for security footage? Though I think they probably would defend the criminals

No they disabled find my phone within minutes. Removed family sharing and changed the icloud password and phone passcode. To do this, all they needed was the phone passcode.


Huge damage has been done already, but the main reason for my post is to find out why recovery is failing.

Is it just impossible to recover because they are logged into my phone fraudulently?

I have verified codes via SMS and email but it still failed.

The bank card verification doesnt work as I had to cancel my bank cards.

 

[danclara]

There's a MacRumors article with over 200 replies on this topic. It has been all over the news..

I don't think there's a patch for this yet

https://forums.macrumors.com/threads/apple-responds-to-report-about-thieves-permanently-locking-out-iphone-users.2387229/

Thanks, I read the entire thread.

I just want to know if I'm doing something wrong with recovery. I had hoped that today after 72 hours I would have a chance to regain power of my icloud, but I haven't. I'm now back to square one.

The criminals now have AT LEAST another 72 hours with full access to my phone.

 

[Vref]

No they disabled find my phone within minutes. Removed family sharing and changed the icloud password and phone passcode. To do this, all they needed was the phone passcode.


Huge damage has been done already, but the main reason for my post is to find out why recovery is failing.

Is it just impossible to recover because they are logged into my phone fraudulently?

I have verified codes via SMS and email but it still failed.

The bank card verification doesnt work as I had to cancel my bank cards.

Depending on what your goals are, obviously call your banks and all your contacts etc

But if it was me
Talk the folks around the bar, I’d make a hobby out of this

 

[danclara]

Depending on what your goals are, obviously call your banks and all your contacts etc

But if it was me
Talk the folks around the bar, I’d make a hobby out of this

My only goal currently is to get my apple account back. They may have wiped the data, I am not sure.

Just awful when it is so clear my account has been stolen and Apple cannot help.

The banks stopped all transactions instantly but Apple give the power to the thief.

It should be obvious that I am the account owner when I verify via two separate SMS codes and email code.

They should have a REAL team who can check the account and see what the criminals have done.

Why would any genuine Apple user go on their own account and disable all security, then change the passcodes/words?

 

[Vref]

I take it you also got a new sim and invalidated that one ASAP?

 

[danclara]

I take it you also got a new sim and invalidated that one ASAP?

Yeah that's correct. I did it ASAP, within the hour. I was frantically calling my banks too. Whilst also trying to check my social media and email accounts.

It's just crazy that Apple don't ask to verify the phone number I set up to remove find my phone and change the password.

 

[antiprotest]

Yeah that's correct. I did it ASAP, within the hour. I was frantically calling my banks too. Whilst also trying to check my social media and email accounts.

It's just crazy that Apple don't ask to verify the phone number I set up to remove find my phone and change the password.

Sorry this happened to you. I am also interested in what's going wrong with account recovery so please update if you get this resolved.

Too late to help you with this now but just in case you are unaware, to prevent this from happening again make sure you set up a screen time passcode and use parental control on yourself. Go to content & privacy restrictions, and set account changes to "don't allow".

And of course, never enter your phone passcode in public again. When Face ID fails in public, I just put my phone back in my pocket and wait for a private spot to unlock it.

 

[Camarillo Brillo]

This is crazy. Sorry this is happening to you. Makes me rethink having bank access tied to iphone…

 

[Howard2k]

I work in London and was at a restaurant/bar on Thursday. I use FaceID and have a 6 digit pin. During the night my FaceID must have failed at some point.

Sounds like they watched you enter your PIN. Once that's done, FaceID is trivial to force into fail.

I hope you get it sorted. I see people entering their phone PINs routinely without trying to obfuscate the process. I know most of us try to cover our PINs at the ATM, gas pump etc. We should always do the same on the phone too.

For anyone else, here's Apple's account recovery

How to use account recovery when you can’t reset your Apple Account password - Apple Support (CA)

If you use two-factor authentication and can’t sign in or reset your password, you can regain access after an account recovery waiting period.

support.apple.com

 

[danclara]

This is crazy. Sorry this is happening to you. Makes me rethink having bank access tied to iphone…

Thank you.

Yeah some banking apps are easily accessed. Money was moved in my accounts. I had face ID on them and they could just let that fail and enter the phone passcode.


I have learned a harsh lesson but pretty much everyone I have spoken to has said their phone is setup in a similar way.

Apple needs to do more here. Their passcode gives total access to a person's life.

I thought two step authentification to a number that is not my own would totally protect me from what has happened. I wish I had checked this.

I just stupidly assumed there was no way someone could reset icloud just by having the phone passcode.

 

[jessebkr87]

My banking apps and other similarly important apps (1Password) don’t allow logging in with device PIN if Face ID fails. All mine prompt me for my password for that account. Thankfully, I think this is standard for those types of apps.

Sorry this happened to you.

 

[Howard2k]

Thank you.

Yeah some banking apps are easily accessed. Money was moved in my accounts. I had face ID on them and they could just let that fail and enter the phone passcode.


I have learned a harsh lesson but pretty much everyone I have spoken to has said their phone is setup in a similar way.

Apple needs to do more here. Their passcode gives total access to a person's life.

I thought two step authentification to a number that is not my own would totally protect me from what has happened. I wish I had checked this.

I just stupidly assumed there was no way someone could reset icloud just by having the phone passcode.

2FA is for access from a new device.

The thief getting your passcode is basically the same as them being you, as far as your phone is concerned. It’s a master key. Setting up your phone the way you did you’ve told it that with the passcode anyone can access your banking.

I would ensure I limit automatic sign on only to credit cards and bank accounts that are limited in dollars. it’s a risk vs convenience trade off, and again, be hyper vigilant about entering the passcode. That was likely the real weakness, entering a passcode so it was visible to the thief.

Total nightmare. Again, I hope it’s sorted ASAP.

 

[Howard2k]

My banking apps and other similarly important apps (1Password) don’t allow logging in with device PIN if Face ID fails. All mine prompt me for my password for that account. Thankfully, I think this is standard for those types of apps.

Sorry this happened to you.

That’s a good feature. I don’t think my bank app has that option but I’ll take a look.
I do have FaceID and remember password disabled on my password manager app.

 

[danclara]

Yeah I was stupid to have somehow entered my 6 digit pin in public. I'm generally quite aware so feel like someone may have filmed me or used cctv cameras.

I get the pin is powerful once known. But it should NEVER be enough to turn off all the cloud based security users set up.

It's been traumatic enough, but Apple have made it far worse. It is so obvious my account has been stolen but I can't stop their access.

 

[MauiPa]

So bad guys get physical control of device along with password and do bad things. This has always been a problem with any electronic device made by anyone

Although I do agree there should be a lockdown mode that apple could employ on report of stolen device. But if a device is only associated with apple I’d, how would that be enforced? Someone could simply say the phone was stolen and use your credentials to have you locked out

 

[TechnoMonk]

Sorry this happened to you. But you can’t give the key to a thief and blame some one else. I never enter my pin in public. Face ID or nothing.

 

[HarryMudd]

I’m so sorry this happened to you. I don’t feel like you are to blame even one tiny bit! This is NOT your fault to even the slightest degree. You sound like a very responsible person to which something terrible has happened. You are the victim of a criminal. You should be able to leave your unlocked phone laying on the table and walk away from it and people should keep their hands to themselves. Unfortunately that’s not the world we live in.

I agree with you that Apple really needs to step up and address this. There has GOT to be a better way. Both in the initial loss, and in the recovery process. This is shameful.

Having said all that, no one got hurt, it’s going to cause you great difficulty for months to come, but you will live through it and be stronger/smarter for it. Thank you for sharing your misfortune with us so that we can learn from your suffering.

You might look into a Yubikey or similar device. I have. Right now, for me, they seem like too much trouble, but maybe I should re-examine the strategy.

I hope you get your account back and suffer no further loss.

If you live local to where this happened it might be worth your while to make a pest of yourself with the local police, to whom I’m certain you immediately reported the original theft. Keep in mind that each time the thief defrauds your accounts, it would be new crime. You might be able to make a friend at the police department and convince them to really dig into this and catch the a$$hole responsible.

You might also make a stink at the venue where this happened. They are providing a habitat that fosters thievery, possibly they would like to do something about it rather than have their name smeared in public forums and on social media.

I wish you luck, friend.

 

[Apple_Robert]

I’m so sorry this happened to you. I don’t feel like you are to blame even one tiny bit! This is NOT your fault to even the slightest degree. You sound like a very responsible person to which something terrible has happened. You are the victim of a criminal. You should be able to leave your unlocked phone laying on the table and walk away from it and people should keep their hands to themselves. Unfortunately that’s not the world we live in.

I agree with you that Apple really needs to step up and address this. There has GOT to be a better way. Both in the initial loss, and in the recovery process. This is shameful.

Having said all that, no one got hurt, it’s going to cause you great difficulty for months to come, but you will live through it and be stronger/smarter for it. Thank you for sharing your misfortune with us so that we can learn from your suffering.

You might look into a Yubikey or similar device. I have. Right now, for me, they seem like too much trouble, but maybe I should re-examine the strategy.

I hope you get your account back and suffer no further loss.

If you live local to where this happened it might be worth your while to make a pest of yourself with the local police, to whom I’m certain you immediately reported the original theft. Keep in mind that each time the thief defrauds your accounts, it would be new crime. You might be able to make a friend at the police department and convince them to really dig into this and catch the a$$hole responsible.

You might also make a stink at the venue where this happened. They are providing a habitat that fosters thievery, possibly they would like to do something about it rather than have their name smeared in public forums and on social media.

I wish you luck, friend.

YubiKey won’t help in the scenario the OP described.

 

[HarryMudd]

YubiKey won’t help in the scenario the OP described.

Dang! Why not? I thought you have to have the key to open the phone?

 

[Apple_Robert]

Dang! Why not? I thought you have to have the key to open the phone?

The hardware key comes into play if someone is trying to setup a new device.

About Security Keys for Apple Account - Apple Support

Physical security keys provide extra protection for your Apple Account against phishing attacks.

support.apple.com

 

[macfacts]

Main problem is faceID is not perfect, requiring users to use a pin, too bad apple doesn't give users a choice to use touchID.

 

[SpotOnT]

Wouldn’t setting up a Recovery Key prevent this. As in you could use the recovery key to reset your iCloud password and get control back.