To secure the identifiers of its client-users, Apple has created the spare keys. The idea: generate a 28-character code and be able to use it in certain specific cases: “ If you can’t remember your Apple ID password, you can try to regain access from your trusted passcode-protected device. You can also reset your password using your recovery key, a trusted phone number, and an Apple device ».
Problem: the feature is now used to expropriate users from their Apple account, reports the Wall Street Journal. The American newspaper cites the case of Greg Frasca, whose iPhone 14 Pro was stolen (along with its code) from a bar in Chicago.
Once the phone was recovered, the scammers sought to empty Mr. Frasca’s bank account while preventing him from using the remote locator feature to find his phone.
So they changed his Apple ID code and used over the feature “ spare key to add an additional lock on the resulting account.
The newspaper explains that it has gathered dozens of testimonies of the same type, all over the United States.
While the accounts are blocked, the scammers use all available applications, including Apple Pay, to recover money.
The owners lose not only a smartphone and money, but also all the documents stored in their account – in Mr. Frasca’s case, this includes eight years of photos of his daughter.
For the moment, apart from the multi-backup of the elements that have the most value in the eyes of its owner, there is hardly any solution.
Even if the user has already generated a recovery key, as long as the scammers have recovered the phone’s PIN, it is very easy for them to generate a new key and expropriate the person from their Apple account.
