Trying to figure out how iphone was hacked

Joined
May 10, 2013
Messages
234
Reaction score
4
Points
18
Location
New York
Your Mac's Specs
Studio, 32gb RAM, BenQ 270C Monitor, OS X 14.1.2
Hi,
My son's iPhone 13 was hacked and taken over on Friday, which resulted in the hackers changing his Verizon pw, his credit card pw, etc. and we're trying to figure out how this might have happened. Once the hackers had control of his phone, they were able to reply to the double verification texts that the several credit card companies sent out. Would they absolutely have needed his Verizon pw or would the phone's login PIN be enough?
His model 13 had an eSIM, which Verizon is now replacing with a physical SIM. Could this be the weak point? Are hackers using devices to read the eSIM from, say, a local cafe?
Any ideas would be appreciated. Thanks.
 
Joined
Jan 1, 2009
Messages
15,510
Reaction score
3,871
Points
113
Location
Winchester, VA
Your Mac's Specs
MBP 16" 2023 (M3 Pro), iPhone 15 Pro, plus ATVs, AWatch, MacMinis (multiple)
eSIMs are generally thought to be safer than physical SIM cards as they are embedded in the phone, and cannot be removed. The physical SIMs are easily removed and cloned.

As for how a nefarious character got into the accounts, where was your son at the time? Did he leave his iPhone unattended, even for just a few seconds? Had he been entering his unlock PIN code without taking precautions to hide it? Thieves can "read" the code just by watching him type it in, particularly if it's only 4 digits. As far as the rest of it, once the bad guys have access, the codes for everything else will only take a minute or less to change. All they needed was the PIN.
 
OP
Thanks Jake, but can you expand on that? He still has the phone so even if someone knew the unlock pin, how can they take over the phone?
To answer your question though, he does not think he left the phone unattended but who knows if someone observed him entering the unlock pin?
I live in the NYC Metropolitan area and years ago, in the infancy of cell phones, the advice was to turn off your phone when entering the Midtown tunnel to or from Manhattan. As I recall, there were hackers with some sort of device that could read the sim card on either end of the tunnel and would hijack the phone. But that's got to be 30 years ago or more.
 
Expand on what? The esim is data stored inside the phone, not on a removable card. To clone an esim, the hacker would have to have physical access to the phone and it be unlocked and then use software to read the esim data (it's not generally available to the typical user). To clone a physical sim only requires access to the sim tray for less than a minute, to pop out the card, put it in a cloner and then return the original back to the phone. Then the thief can use the clone later, in a separate phone, to hijack the calls and messages. Generally the thief will hand off the information to an accomplice who will do the pw hacking within minutes (less than 5) of getting the cloned card.

As for the rest, if someone watched him enter the passcode to unlock the phone and then had access to it for 15 seconds, they could unlock the phone, change the codes and start stealing data. The main one to change is the AppleID, as that gives the thief access to EVERYTHING, including the keychain data.

It could also be that the thieves just worked through Verizon, pretending to be your son and claiming that they had a new phone and needed to migrate from the old to the new. They then provide the information on their new phone and Verizon made the change. Once they had that, they get access to your son's accounts fairly easily. Here is one article where a woman had her phone stolen and within 3 minutes all the damage was done. So, if your son was inattentive for 3 minutes, it could have happened that way to him, and he wouldn't know until he tried to access his accounts himself later.


I used to use a 4 digit passcode, but moved to a 6 digit a while ago. I'm now thinking of moving to alphanumeric for more security, although it's a bigger pain to then unlock when facial ID doesn't work. Fortunately, that's not often, so maybe it won't be that bad. To do that, here is Apple's article on passcodes:

 
OP
Thanks again. This is really scary stuff.
 

IWT


Joined
Jan 23, 2009
Messages
10,288
Reaction score
2,230
Points
113
Location
Born Scotland. Worked all over UK. Live in Wales
Your Mac's Specs
M2 Max Studio Extra, 32GB memory, 4TB, Sonoma 14.4.1 Apple 5K Retina Studio Monitor
@Mark F

This is truly a very sad and frightening story which will, no doubt, affect the whole family, not just your son.

The deed is done, so it's a lengthy and frustrating process to restore "normality" to son and family.

Jake has provided a careful, detailed and courteous series of responses. My contribution is limited to one thing for the future: the Passcode.

If one uses a 4-digit or even 6-digit Passcode, it's still very easy for someone to enter a conversation with the owner which inevitably leads to the latter opening their device by Passcode and an apparently unrelated villain standing behind the owner who memorises the 4 or 6 numbers.

My advice is always to use the alpha-numerical option. Why? Well, when you use the 4 digit, or for recent phones, the 6 digit number, the thief knows that there are only, say, 6 digits because Apple says - "Enter Your 4 digit code" (rare nowadays), more usually "Enter Your 6 Digit Code". So everyone knows it's 6 digits. Pretty easy to recall or attempt to break.

The alpha-numerical option, when used, only says "Enter Your Passcode". That leaves the thief with the near impossible task of guessing the Passcode because they have 26 alphabet letters (upper & lower case) together with 10 numerals to deal with.

Not much solace for your son and family, but a suggestion for the future and for others who only use 4 or 6 digits.

I am very sorry for you all.

Ian
 
OP
Thank you Ian for your kind words. Six digit alpha/numeric is clearly the way to go.
You are right on that this is a very stressful time, especially for my son. He has literally, no exaggeration, spent more than ten hours on the phone with Verizon trying to get his phone service back, and still no success. The incompetence of their customer support is staggering. I'm wondering if ATT or T-Mobile are any better.
Thanks again and have a good day.
 

Rod


Joined
Jun 12, 2011
Messages
9,699
Reaction score
1,887
Points
113
Location
Melbourne, Australia and Ubud, Bali, Indonesia
Your Mac's Specs
2021 M1 MacBook Pro 14" macOS 14.4.1, Mid 2010MacBook 13" iPhone 13 Pro max, iPad 6, Apple Watch SE.
Living as I do roughly 9 months of the year in Indonesia I have been especially careful about this Passcode issue. Occasionally I find my Touch ID does not work (the iPhone SE 2 doesn't have facial recognition) because my hands are wet or dirty or for some unknown reason it just fails and I need to enter the passcode manually so I changed my passcode to an alphanumeric one for exactly the reasons Ian mentions in post #6. Just the simple inclusion of a few letters makes it that much more difficult to guess or view from afar.
 
OP
Thank you. Six digit alpha/numeric is what my family will be using from here on.
 
