(CNN) A complex, involved method of gaining control of a user’s iPhone and permanently locking them out of the device appears to be on the rise.
Some iPhone thieves are taking advantage of a security setting, called a recovery key, that makes it nearly impossible for owners to access their photos, messages, data and more, according to a recent report from the Wall Street Journal. Some victims also told the publication their bank accounts were drained after thieves gained access to their financial apps.
It’s important to note, however, that this type of takeover is difficult to pull off. It primarily requires a criminal to watch an iPhone user enter the device’s passcode — for example, by looking over their shoulder at a bar or sporting event — or to manipulate the device’s owner into sharing their passcode. And that’s before they physically steal the device.
From there, a thief can use the passcode to change the device’s Apple ID, turn off “Find my iPhone” so their location can’t be tracked, and then reset the recovery key, a complex 28-digit code intended to protect its owners from online hackers.
Apple requires this key to help reset or regain access to an Apple ID in an effort to strengthen user security, but if a thief changes it, the original owner won’t have the new code and will be locked out of the account.
“We sympathize with people who have had this experience and we take all attacks on our users seriously, no matter how rare,” an Apple spokesperson said in a statement to CNN. “We work tirelessly every day to protect our users’ accounts and data, and are always investigating additional protections against emerging threats like this.”
On its website, Apple warns: “You are responsible for maintaining access to your trusted devices and your recovery key. If you lose these two items, you may be permanently locked out of your account.”
Jeff Pollard, VP and principal analyst at Forrester Research, said the company should offer more customer support options and “ways for Apple users to authenticate so they can reset these settings.”
For now, however, there are some steps users can take to potentially protect themselves from having it happen to them.
Protect the passcode
The first step is to protect the passcode.
An Apple spokesperson told CNN that people can use Face ID or Touch ID when unlocking their phone in public to avoid revealing their passcode to anyone who might be watching.
Users can also set up longer, alphanumeric passcodes that are harder for bad actors to figure out. Device owners should also change the passcode immediately if they believe someone else has seen it.
Screen Time settings
Another step one can consider is a hack that is not necessarily endorsed by Apple but one that is circulating online. Within the iPhone’s Screen Time setting, which allows guardians to set up restrictions on how children can use the device, there is an option to set up a second password that will be required of any user before they can successfully change an Apple ID.
With this enabled, a thief will be prompted for that second password before changing the Apple ID password.
Back up the phone regularly
Finally, users can protect themselves by regularly backing up the iPhone — through iCloud or iTunes — to recover data in the event of an iPhone theft. At the same time, users may want to consider storing important photos or other sensitive files and data in another cloud service, such as Google Photos, Microsoft OneDrive, Amazon Photos or Dropbox.
This won’t prevent a bad actor from gaining access to the device, but it should limit some of the fallout should it happen.