Brazilian criminals explain how they get access to bank accounts of stolen iPhones

Who I am
Philippe Gloaguen
@philippegloaguen
Author and references

Last month the Brazilian newspaper Folha de S. Paulo reported how criminals stole iPhones in Brazil to access people's bank accounts, rather than resell the devices. Now the police seem to have finally figured out how to access bank accounts, and to our surprise, the process seems easier than one might think.

At first it was believed that thieves used some exploits or other advanced methods (like Cellebrite tools) to unlock stolen iPhones, but it is much simpler than that. Police Chief Fabiano Barbeiro revealed that criminals only need one tool to access all data on the device: the iPhone SIM card.



Basically, the crooks take out the SIM card from the stolen iPhone and then insert it into another iPhone. Using social networks like Facebook and Instagram, they can easily find out the email address used by the person whose phone was stolen.

In most cases, this email address is the same one used for your Apple ID. All they have to do is reset the Apple ID password using the victim's phone number.

Barbeiro states that the easiest way for criminals to find passwords is to search in the Notes app, as many users store bank and credit card passwords there. However, with iCloud account access, they can also get all iCloud Keychain passwords easily.

When they download data from the cloud to their new device, they look for information related to the word "password" and, according to them, usually get what they need to access the victim's bank accounts. Once they get this information, they return the SIM card to the victim's phone and hand the device over to the gang member responsible for accessing the bank accounts.



One of the suspects arrested is a 22-year-old computer technician, who told police he knew at least three other people who were training criminals interested in obtaining stolen smartphone passwords. The Sao Paulo police have arrested 12 people and have already identified 28 others involved in the theft of smartphones. However, the police do not rule out the possibility that some gangs have access to more complex tools to unlock victims' iPhones.



add a comment of Brazilian criminals explain how they get access to bank accounts of stolen iPhones
Comment sent successfully! We will review it in the next few hours.