Apple Responds to Report About Thieves Spying on iPhone Passcodes to 'Steal Your Entire Digital Life' - MacRumors
Skip to Content

Apple Responds to Report About Thieves Spying on iPhone Passcodes to 'Steal Your Entire Digital Life'

by

An in-depth report published today by The Wall Street Journal's Joanna Stern and Nicole Nguyen highlights instances of thieves spying on a victim's iPhone passcode before stealing the device in order to gain access to the device, data, and money.

iphone passcode green
All of the victims interviewed said their iPhones were stolen while they were out socializing at bars and other public places at night. Some victims said the iPhones were grabbed out of their hands by strangers, while others said they were physically assaulted and intimidated. The report provides specific examples of these instances.

With knowledge of the iPhone's passcode, a thief can easily reset the victim's Apple ID password in the Settings app, even if Face ID or Touch ID is enabled. Subsequently, the thief can turn off Find My iPhone on the device, preventing the owner of the device from tracking its location or remotely erasing the device via iCloud. The thief can also remove other trusted Apple devices from the account to further lock out the victim.

The thief can also change an Apple ID's contact information and set up a recovery key in order to prevent a victim from recovering the account.


To make matters worse, knowing an iPhone's passcode allows a thief to use Apple Pay, send Apple Cash, and access banking apps using passwords stored in iCloud Keychain. Even if Face ID or Touch ID is enabled on the iPhone, thieves can simply bypass these authentication methods and an option to input the device's passcode is presented. In some cases, the report claims that thieves even opened an Apple Card by finding the victim's last four digits of their Social Security number in photos stored in apps like Photos or Google Drive.

Access to other passwords stored in iCloud Keychain allows the thief to further wreak havoc, as it could give them access to email accounts and other sensitive information. All in all, the report says thieves can essentially "steal your entire digital life."

Apple Responds

In response to the report, an Apple spokesperson said "security researchers agree that iPhone is the most secure consumer mobile device, and we work tirelessly every day to protect all our users from new and emerging threats."

"We sympathize with users who have had this experience and we take all attacks on our users very seriously, no matter how rare," the spokesperson added. "We will continue to advance the protections to help keep user accounts secure." Apple did not provide any specific details about any next steps it might take to increase security.

In a tweet, Stern recommended that Apple add extra protections to iOS and introduce additional Apple ID account recovery options.

How to Stay Protected

In a tweet, Stern recommended that users switch from a four-digit passcode to an alphanumeric passcode, which would be more difficult for thieves to spy on. This can be done in the Settings app under Face ID & Passcode → Change Passcode.

iPhone users can also use Face ID or Touch ID as much as possible when in public to prevent thieves from spying on their passcode. In situations where entering the passcode is necessary, users can hold their hands over their screen to hide passcode entry.

To protect a bank account, consider storing the password in a password manager that does not involve the device's passcode, such as 1Password.

Tags: Apple Security, The Wall Street Journal

Popular Stories

macOS 26 and Terminal Feature

macOS 26.4 Introduces New Security Feature for Terminal Commands

Wednesday March 25, 2026 1:24 pm PDT by
macOS Tahoe 26.4 introduces a new security feature that warns Mac users if they paste certain commands in the Terminal app that may be harmful. For those unaware, the Terminal app allows you to enter text commands to perform tasks on your Mac. Terminal is primarily intended for advanced users and developers, but unfortunately casual users can be tricked into entering harmful commands that...
Read Full Article82 comments
lock screen notifications for iPhones running out of date versions of iOS feature 3

Apple Now Sending Critical Security Alerts to iPhones Running iOS 17 and Earlier

Friday March 27, 2026 7:21 am PDT by
Apple has begun pushing Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS, warning users of active web-based attacks. The alerts, which appear as a "Critical Software" notification from the Settings app, warn that Apple "is aware of attacks targeting out-of-date iOS software, including the version on your iPhone," and urge users to install a critical...
Read Full Article92 comments
apple lock security bug vulnerability fix privacy

Apple Says No iPhone in Lockdown Mode Has Ever Been Hacked

Friday March 27, 2026 9:33 am PDT by
Apple says it has no record of a successful spyware attack against any device running Lockdown Mode, the opt-in security feature it introduced in 2022. "We are not aware of any successful mercenary spyware attacks against a Lockdown Mode-enabled Apple device," an Apple spokesperson told TechCrunch. Lockdown Mode is available on the iPhone, iPad, and Mac, and dramatically restricts...
Read Full Article39 comments

Top Rated Comments

GMShadow Avatar
GMShadow
41 months ago
...what, exactly, was the point of the 'report'?

"If someone steals your house keys, they could get in your house and take your stuff!" - Joanna Stern later today, probably.
Score: 143 Votes (Like | Disagree)
antiprotest Avatar
antiprotest
41 months ago
This is why I disagree with the users on here who keep saying passcode is more secure and stop using Face ID if you don't want people to take your phone and point it at you, etc. Perhaps the passcode is technically more secure, but it is practically way less secure. Face ID is secure especially if you enable "attention required." Always use Face ID. Never enter your passcode in public unless you are sure no one is looking at your screen (and to be extra secure, that no camera overhead is looking down at you).

Apple is not innocent either. Somehow they think it makes the phone more secure to occasionally demand your passcode at the most inconvenient times. This is way less secure. I have been asked for the passcode while in public and I actually waited until I went to a private location before entering it. Ask for it every restart, fair. But if the phone has been on and there are no multiple failed Face ID attempts, DO NOT ask for the passcode.
Score: 77 Votes (Like | Disagree)
TheYayAreaLiving 🎗️ Avatar
TheYayAreaLiving 🎗️
41 months ago
You just have to be careful when using your iPhone outside in public.
Apple needs to consider bringing back Touch-ID. Two Factor Authentication: Touch ID + Face ID simultaneously
Score: 60 Votes (Like | Disagree)
compwiz1202 Avatar
compwiz1202
41 months ago

This isn’t a sign of iPhones being less secure, it’s a sign of increased desperation in an increasingly impoverished world. If it comes to physically threatening the owner to unlock the phone before they run off it doesn’t matter if it’s a 4 digit, 6 digit, alphanumeric, or biometric passcode.
Then we need duress passcode that let the iPhone look normal for so many minutes and then totally lock down and broadcast itself as stolen, and will not allow anything vital to be done, or also make it appear it is working but nothing actually happens.
Score: 58 Votes (Like | Disagree)
dannyyankou Avatar
dannyyankou
41 months ago
This is why you should enable Face ID
Score: 49 Votes (Like | Disagree)
timshundo Avatar
timshundo
41 months ago
This isn’t a sign of iPhones being less secure, it’s a sign of increased desperation in an increasingly impoverished world. If it comes to physically threatening the owner to unlock the phone before they run off it doesn’t matter if it’s a 4 digit, 6 digit, alphanumeric, or biometric passcode.
Score: 43 Votes (Like | Disagree)
Read All Comments