iPhone thieves who spied on a victim's passcode before stealing the Apple device can easily reset settings preventing its owner from accessing it.
According to a new report in The Wall Street Journal, victims have reported phones stolen out of their hands or at bars and other public places, finding they had been locked out of their accounts.
Bad actors with knowledge of a passcode are able to easily reset the victim's Apple ID password in the Settings app.
They can turn off Find my iPhone, preventing the owner from tracking it or remotely wiping the device, as well as remove other devices from the account.
They can also set up a recovery key to prevent a victim from recovering the account.
In one case, a thief opened an Apple Card by finding the phone owner's last four digits of their Social Security number in photos. Another said she had lost photos of her family permanently. Most of the victims filed police reports and one filed an identity theft claim with the Federal Trade Commission.
A spokesperson for Apple told the paper that the iPhone is the most secure consumer mobile device and that the company works "tirelessly" to prevent new and emerging threats.
"We sympathize with users who have had this experience and we take all attacks on our users very seriously, no matter how rare," the spokesperson said, adding that the tech giant believes these crimes are uncommon because they require the theft of the device and the passcode. "We will continue to advance the protections to help keep user accounts secure."
Use Face ID or Touch ID in public to prevent wandering eyes and prying hands, according to the spokesperson, and hold hands over the screen when inputting a passcode.
Notably, in New York, some authorities have suggested Face ID as a possible point of entry into the phones – especially if a user is incapacitated.
Switching to an alphanumeric passcode is also an option can be done in the Settings app.