With iOS 17.3, Apple is launching a new Stolen Device Protection feature that aims to protect users should they have their iPhone and their iPhone’s passcode both stolen.
In a new article and video on Wednesday, The Wall Street Journal’s Joanna Stern sat down with a prolific iPhone thief who took advantage of the iOS vulnerability to rake in over $20,000 every weekend from victims.
Stern and Nicole Nguyen at The Wall Street Journal were the first to go in-depth on this widespread phenomenon back in February. Thieves would watch people enter their iPhone passcodes, then target that same person and steal their iPhone. With the passcode, the thieves could change the victim’s Apple ID password, access banking applications, and much more.
Today’s article from Stern gives an up-close look at the life of one criminal who made this a full-time job.
“I’m already serving time. I just feel like I should try to be on the other end of things and try to help people,” Aaron Johnson told Stern. “That passcode is the devil,” he said. “It could be God sometimes—or it could be the devil.”
Dimly lit and full of people, bars became his ideal location. College-age men became his ideal target. “They’re already drunk and don’t know what’s going on for real,” Johnson said. Women, he said, tended to be more guarded and alert to suspicious behavior.
There was also quite a bit of social engineering involved in Johnson’s process:
Friendly and energetic, that’s how victims described Johnson. Some told me he approached them offering drugs. Others said Johnson would tell them he was a rapper and wanted to add them on Snapchat. After talking for a bit, they would hand over the phone to Johnson, thinking he’d just input his info and hand it right back.
Once Johnson had the passcode and iPhone, he’d quickly change the Apple ID password and enroll his face in Face ID on the device. From there, he’d look for any funds in banking apps, Apple Cash, and crypto apps. He’d also check the Notes and Photos apps for extra information like social security numbers.
After he was done with the iPhone in question, he’d erase it and sell it to his partner, Zhongshuang “Brandon” Su, who would then sell it overseas.
On a good weekend, Johnson said, he was selling up to 30 iPhones and iPads to Su and making around $20,000—not including money he’d taken from victims’ bank apps, Apple Pay and more.
Johnson pled guilty to his role in accumulating nearly $300,000 from stolen iPhones in March, and was sentenced to 94 months in jail.
The full piece and accompanying video are well worth checking out at The Wall Street Journal. Here’s a link to the story on Apple News as well.
Follow Chance: Threads, Twitter, Instagram, and Mastodon.
FTC: We use income earning auto affiliate links. More.
