Aaron Johnson, currently serving a 94-month sentence in the US for iPhone theft, revealed his tactics and offered insights on preventing such crimes in an interview with the Wall Street Journal.

Johnson, arrested in Minnesota last year, confessed to earning around $300,000 by stealing and exploiting financial apps on iPhones.

Shockingly, he claimed that many victims willingly handed over their smartphones.

US Man Revealed iPhone Hack

His strategy involved targeting college men in bars and clubs, relying on their inebriated state as an advantage.

Johnson remarked that women tended to be more vigilant, making men an easier target because they "don't know what's going on for real" when drunk.

In his scheme, Johnson engaged victims, sometimes offering drugs or posing as a rapper wanting to connect on Snapchat. The victims, trusting him, handed over their iPhones, expecting a quick exchange of numbers.

Exploiting their trust, Johnson asked for passcodes, which they gave away quickly, like "2-3-4-5-6," enabling him to memorize them later.

Once in, he swiftly altered Apple ID passwords, disabled tracking like Find My iPhone, and added his biometric data to FaceID, granting him extensive access via iCloud Keychain passwords.

Sidestepping security measures, he targeted banking and cryptocurrency apps, scanning notes and photos for sensitive details like Social Security numbers. He drained bank accounts overnight and used Apple Pay to make purchases at stores.

This revelation highlights the subtle nature of his approach, exploiting vulnerabilities in unsuspecting individuals.

Johnson's disclosure serves as a reminder to stay vigilant in public spaces, significantly when impaired, to prevent falling victim to such thefts.

Also Read: T-Mobile Faces Lawsuit Over Employee Theft: Customer's Privacy Violated In Private Photos Scandal 

Apple Adds Apple's Stolen Device Protection

Apple's Stolen Device Protection aims to foil any attempt to lock out an iPhone owner by altering the Apple ID outside familiar locations.

Changing the ID away from home or work triggers a double Face ID or Touch ID authentication, with an hour gap between scans. This feature hinders quick unauthorized access, deterring typical "smash and grab" theft attempts.

If changes are made from an unfamiliar location, the system demands two biometric scans an hour apart for adding/deleting a recovery key or altering trusted phone numbers.

The recovery key, a 28-character code for lost Apple ID access, ensures data retrieval.

Despite these safeguards, stolen iPhones pose risks. Apps, emails, or logins without extra password protection remain vulnerable. If biometrics fail, services linked to Apple Pay can function with just a passcode.

The people from Apple also advise additional security like PINs for financial apps and swift remote iCloud access for device wiping upon theft detection. Apple's measures are robust but emphasize the importance of proactive steps to secure personal data in case of theft.

Johnson's confession sheds light on iPhone theft tactics, warning of vulnerabilities in unsuspecting individuals. His revelation urges vigilance, especially in vulnerable settings.

Apple's Stolen Device Protection aims to prevent unauthorized access, but it's essential to reinforce personal device security with extra layers like PINs for financial apps to deter potential thefts.

Related Article: Apple Releases Security Updates To Address Critical IOS, MacOS Vulnerabilities, And Theft Protection