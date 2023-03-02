



When you have a smartphone worth over $1,000 in your pocket, you want to protect it. However, devices are not necessarily the most valuable possessions for thieves. Personal data stored on your device.

A recent Wall Street Journal report sheds light on a new way for thieves to hack iPhones and steal information: passcodes. Thieves are now beginning to monitor iPhone users entering numeric or alphanumeric passcodes and memorizing numeric combinations, according to reports. It then steals the user’s phone, logs in and enters the passcode to change her Apple ID password and locks her out of iCloud.

This can stop thieves from accessing your sensitive information or tracking your phone using tools like Find My iPhone. After accessing the account, they can reset the recovery code to block attempts to reset the changed password. Plus, there’s the risk that your passcode can be used to access your financial apps and accounts, allowing you to commit fraud.

An Apple spokesperson told the paper that security researchers would agree that the iPhone is “the most secure consumer mobile device,” and that the company is looking at “emerging threats” to protect its customers. Apple doesn’t believe the specific tactics mentioned in the Wall Street Journal report are common, but it takes these incidents seriously. He said he accepts it.

“We sympathize with users who have experienced this and take all attacks on users very seriously. We will continue to strengthen our protections to keep user accounts safe.”

Apple did not immediately respond to CBS News’ request for additional comment on potential risks.

3 ways to protect yourself from hackers

That said, iPhone users should be careful when using their smartphones in public. Apple has released a series of security updates and data protections in recent years, but there are still some other steps you can take to protect your phone and data. Here are some rules of thumb.

1. Protect your passcode

One of the most obvious ways to prevent potential thieves from gaining access to your smartphone is to cover or completely avoid tapping your phone’s screen when entering your passcode.

Vitaly Shmatikov, a professor of computer science at Cornell University and Cornell Institute of Technology, said smartphone users should rely on Touch ID or Face ID in public as much as possible.

If you have to use a passcode, make sure it’s complicated.

“Treat your mobile phone passcode like you would your bank card PIN code: make it long and hard to guess,” Shmatykov told CBS News.

2. Don’t store passwords on your device

It may be tempting to store complex passcodes and passwords on your phone, desktop, or tablet, but avoid them as much as possible. This can make you vulnerable to potential hacks.

“Don’t store passwords for sensitive websites and apps on your phone,” Shmatikov repeats.

Consider using a password manager. This is a secure software application that can generate and store sensitive passwords. About 39% of consumers (up 3% from 2019) use a password manager for their online accounts, according to a 2022 Consumer Reports study.

“Individuals using password managers and virtual private networks have stagnated since 2019, while many individuals have adapted to using multi-factor authentication,” the study said. 77% of people report using two-factor authentication. Certification for 2022.

3. Set up two-factor authentication

Two-factor authentication, which requires users to enter a backup security code sent to a trusted device or email before entering a password to access a site, is also a valuable tool.

“Two-factor authentication for Apple IDs is mandatory. The second factor must be another trusted device (iPad, Mac, Apple Watch, etc.),” says Shmatikov.

Many experts warn users not to use SMS text messages for two-factor authentication, especially if they are concerned about their phone being stolen.

The threat of SIM swapping, where criminals can hack SIM cards and gain access to mobile phones, is on the rise. The FBI Phoenix Field Office recently explained how the scam works.

“Criminals first identify victims, who are likely in possession of large amounts of digital currency, and obtain phone numbers and mobile operators,” the agency explained in a news release. “Then social-engineer a customer service representative to implant the victim’s phone number onto her SIM card and control the phone.”

If someone gains access to your phone, backup texts will not help protect your account and criminals can easily change your passwords and backup keys.

“Do not use SMS/text as a second factor on sites or apps that require two-factor authentication, such as banking sites. Use an authenticator app (Google Authenticator, Microsoft Authenticator, Duo, Okta Verify, etc.) instead. Use it..) And turn on biometric protection in your authenticator app — Face ID or Touch ID required — ”shmatikov advised. “That way a thief who steals your phone can’t get the verification code and log in to a financial site as you.”

