iPhone thief explains what he does to successfully break into your phone

Inside a high-security prison, an iPhone thief revealed exactly what he did to successfully crack into people’s phones.

He said he could reset Apple IDs in seconds.

That opened the door to bank accounts, crypto apps, and Apple Pay.

For years, the scheme turned a software gap into a multimillion-dollar hustle.

DISCOVER SBX CARS – The global premium auction platform powered by Supercar Blondie

How this iPhone thief pulled it off

Aaron Johnson spelled it out to WSJ’s Joanna Stern.

He said he started out just pickpocketing phones, but then realised that if he waited and watched for the passcodes that would make it easier to get into them.

He used casual approaches, starting a conversation with a device owner just long enough to learn their passcode. 

Often, he simply watched on as people entered it. Other times, he filmed it to replay later.

Then he stole the phone.

Once he had the phone and the passcode, he said everything else was easy. 

Johnson said he’d go straight to Settings, then iCloud, hit reset password, and plug in the passcode to make a new Apple ID login. 

In seconds, the rightful owner was locked out. 

He then enrolled his own face in Face ID, giving him direct access to bank apps, saved passwords, crypto wallets, and money apps like Venmo and PayPal. 

Apple Pay became his biggest tool.

With just a glance at the screen, he could shop freely.

He told Stern he worked fast to stay ahead of recovery steps. 

By morning, accounts were drained, transfers done, and purchases made in stores. 

Phones were then wiped and resold, with high-end iPhone Pros fetching up to $900 each.

All turning a night’s work into tens of thousands of dollars.

Apple’s response, and why you’re still at risk

Apple has since introduced Stolen Device Protection in iOS 17.3.

It’s a safeguard that forces biometric checks and builds in a delay before major account changes.

But as Stern noted, the setting is off by default and plenty of loopholes remain. 

A thief who already has a passcode and adds their own face can still use Apple Pay, while apps like Venmo don’t always demand biometrics. 

Even Johnson admitted Apple’s fixes only go so far. The rest is on the user.

That means switching the feature on, using a strong alphanumeric passcode, and avoiding the habit of storing passwords in Notes or Photos. 

The most important step? 

Guarding your screen. 

Because, as Johnson showed, one glance at a passcode can unlock an entire digital life.

Proof sometimes the weakest link in iPhone security is the person holding it.

DISCOVER SBX CARS: The global premium car auction platform powered by Supercar Blondie