He Stole Hundreds of iPhones and Looted People’s Life Savings. He Told Us How.
Kanebridge News
    HOUSE MEDIAN ASKING PRICES AND WEEKLY CHANGE     Sydney $1,599,192 (-0.51%)       Melbourne $986,501 (-0.24%)       Brisbane $938,846 (+0.04%)       Adelaide $864,470 (+0.79%)       Perth $822,991 (-0.13%)       Hobart $755,620 (-0.26%)       Darwin $665,693 (-0.13%)       Canberra $994,740 (+0.67%)       National $1,027,820 (-0.13%)                UNIT MEDIAN ASKING PRICES AND WEEKLY CHANGE     Sydney $746,448 (+0.19%)       Melbourne $495,247 (+0.53%)       Brisbane $534,081 (+1.16%)       Adelaide $409,697 (-2.19%)       Perth $437,258 (+0.97%)       Hobart $531,961 (+0.68%)       Darwin $367,399 (0%)       Canberra $499,766 (0%)       National $525,746 (+0.31%)                HOUSES FOR SALE AND WEEKLY CHANGE     Sydney 10,586 (+169)       Melbourne 15,093 (+456)       Brisbane 7,795 (+246)       Adelaide 2,488 (+77)       Perth 6,274 (+65)       Hobart 1,315 (+13)       Darwin 255 (+4)       Canberra 1,037 (+17)       National 44,843 (+1,047)                UNITS FOR SALE AND WEEKLY CHANGE     Sydney 8,675 (+47)       Melbourne 7,961 (+171)       Brisbane 1,636 (+24)       Adelaide 462 (+20)       Perth 1,749 (+2)       Hobart 206 (+4)       Darwin 384 (+2)       Canberra 914 (+19)       National 21,987 (+289)                HOUSE MEDIAN ASKING RENTS AND WEEKLY CHANGE     Sydney $770 (-$10)       Melbourne $590 (-$5)       Brisbane $620 ($0)       Adelaide $595 (-$5)       Perth $650 ($0)       Hobart $550 ($0)       Darwin $700 ($0)       Canberra $700 ($0)       National $654 (-$3)                UNIT MEDIAN ASKING RENTS AND WEEKLY CHANGE     Sydney $730 (+$10)       Melbourne $580 ($0)       Brisbane $620 ($0)       Adelaide $470 ($0)       Perth $600 ($0)       Hobart $460 (-$10)       Darwin $550 ($0)       Canberra $560 (-$5)       National $583 (+$1)                HOUSES FOR RENT AND WEEKLY CHANGE     Sydney 5,253 (-65)       Melbourne 5,429 (+1)       Brisbane 3,933 (-4)       Adelaide 1,178 (+17)       Perth 1,685 ($0)       Hobart 393 (+25)       Darwin 144 (+6)       Canberra 575 (-22)       National 18,590 (-42)                UNITS FOR RENT AND WEEKLY CHANGE     Sydney 6,894 (-176)       Melbourne 4,572 (-79)       Brisbane 1,991 (+1)       Adelaide 377 (+6)       Perth 590 (+3)       Hobart 152 (+6)       Darwin 266 (+10)       Canberra 525 (+8)       National 15,367 (-221)                HOUSE ANNUAL GROSS YIELDS AND TREND         Sydney 2.50% (↓)       Melbourne 3.11% (↓)       Brisbane 3.43% (↓)       Adelaide 3.58% (↓)     Perth 4.11% (↑)      Hobart 3.78% (↑)      Darwin 5.47% (↑)        Canberra 3.66% (↓)       National 3.31% (↓)            UNIT ANNUAL GROSS YIELDS AND TREND       Sydney 5.09% (↑)        Melbourne 6.09% (↓)       Brisbane 6.04% (↓)     Adelaide 5.97% (↑)        Perth 7.14% (↓)       Hobart 4.50% (↓)       Darwin 7.78% (↓)       Canberra 5.83% (↓)       National 5.76% (↓)            HOUSE RENTAL VACANCY RATES AND TREND       Sydney 0.7% (↑)      Melbourne 0.8% (↑)      Brisbane 0.4% (↑)      Adelaide 0.4% (↑)      Perth 1.2% (↑)      Hobart 0.6% (↑)      Darwin 1.1% (↑)      Canberra 0.7% (↑)      National 0.7% (↑)             UNIT RENTAL VACANCY RATES AND TREND       Sydney 0.9% (↑)      Melbourne 1.4% (↑)      Brisbane 0.7% (↑)      Adelaide 0.3% (↑)      Perth 0.4% (↑)      Hobart 1.5% (↑)      Darwin 0.8% (↑)      Canberra 1.3% (↑)        National 0.9% (↓)            AVERAGE DAYS TO SELL HOUSES AND TREND         Sydney 28.7 (↓)       Melbourne 30.7 (↓)       Brisbane 31.0 (↓)       Adelaide 25.4 (↓)       Perth 34.0 (↓)       Hobart 34.8 (↓)       Darwin 35.1 (↓)       Canberra 28.5 (↓)       National 31.0 (↓)            AVERAGE DAYS TO SELL UNITS AND TREND         Sydney 25.8 (↓)       Melbourne 30.2 (↓)       Brisbane 27.6 (↓)       Adelaide 21.8 (↓)       Perth 37.8 (↓)       Hobart 25.2 (↓)       Darwin 24.8 (↓)       Canberra 41.1 (↓)       National 29.3 (↓)           
Share Button

He Stole Hundreds of iPhones and Looted People’s Life Savings. He Told Us How.

A convicted iPhone thief explains how a vulnerability in Apple’s software got him fast cash—and then a stint in a high-security prison

By JOANNA STERN
Thu, Dec 21, 2023 8:37amGrey Clock 5 min

RUSH CITY, Minn.—Before the guards let you through the barbed-wire fences and steel doors at this Minnesota Correctional Facility, you have to leave your phone in a locker. Not a total inconvenience when you’re there to visit a prolific iPhone thief.

I wasn’t worried that Aaron Johnson would steal my iPhone, though. I came to find out how he’d steal it.

“I’m already serving time. I just feel like I should try to be on the other end of things and try to help people,” Johnson, 26 years old, told me in an interview we filmed inside the high-security prison where he’s expected to spend the next several years.

For the past year, my colleague Nicole Nguyen and I have investigated a nationwide spate of thefts, where thieves watch iPhone owners tap their passcodes, then steal their targets’ phones—and upend their financial and digital lives.

Johnson, along with a crew of others, operated in Minneapolis for at least a year during 2021 and 2022. In and around bars at night, he would befriend young people, slyly learn their passcodes and take their phones. Using that code, he’d lock victims out of their Apple accounts and loot thousands of dollars from their bank apps. Finally, he’d sell the phones themselves.

It was an elaborate, opportunistic scheme that exploited the Apple ecosystem and targeted trusting iPhone owners who figured a stolen phone was just a stolen phone.

Last week, Apple announced Stolen Device Protection, a feature that likely will protect against these passcode-assisted crimes.

Yet even when you install the software, due in iOS 17.3, there will be loopholes. The biggest loophole? Us. By hearing how Johnson did what he did, we can learn how to better secure the devices that hold so much of our lives.

How he got started

Johnson isn’t a sophisticated cybercriminal. He said he got his start pickpocketing on the streets of Minneapolis. “I was homeless,” he said. “Started having kids and needed money. I couldn’t really find a job. So that’s just what I did.”

Soon he realised the phones he was nabbing could be worth a lot more—if only he had a way to get inside them. Johnson said no one taught him the passcode trick, he just stayed up late one night fiddling with a phone and figured out how to use the passcode to unlock a bounty of protected services.

“That passcode is the devil,” he said. “It could be God sometimes—or it could be the devil.”

According to the Minneapolis Police Department’s arrest warrant, Johnson and the other 11 members of the enterprise allegedly accumulated nearly $300,000. According to him, it was likely more.

“I had a rush for large amounts at a time,” he said. “I just got too carried away.”

In March, Johnson, who had prior robbery and theft convictions, pleaded guilty to racketeering and was sentenced to 94 months. He told the judge he was sorry for what he did.

How he did it

Here’s how the nightly operation would go down, according to interviews with Johnson, law-enforcement officials and some of the victims:

Pinpoint the victim. Dimly lit and full of people, bars became his ideal location. College-age men became his ideal target. “They’re already drunk and don’t know what’s going on for real,” Johnson said. Women, he said, tended to be more guarded and alert to suspicious behaviour.

Get the passcode. Friendly and energetic, that’s how victims described Johnson. Some told me he approached them offering drugs. Others said Johnson would tell them he was a rapper and wanted to add them on Snapchat. After talking for a bit, they would hand over the phone to Johnson, thinking he’d just input his info and hand it right back.

“I say, ‘Hey, your phone is locked. What’s the passcode?’ They say, ‘2-3-4-5-6,’ or something. And then I just remember it,” Johnson described. Sometimes he would record people typing their passcodes.

Once the phone was in his hand, he’d leave with it or pass it to someone else in the crew.

Lock them out—fast. Within minutes of taking the iPhones, Johnson was in the Settings menu, changing the Apple ID password. He’d then use the new password to turn off Find My iPhone so victims couldn’t log in on some other phone or computer to remotely locate—and even erase—the stolen device.

Johnson was changing passwords fast—“faster than you could say supercalifragilisticexpialidocious,” he said. “You gotta beat the mice to the cheese.”

Take the money. Johnson said he would then enrol his face in Face ID because “when you got your face on there, you got the key to everything.” The biometric authentication gave Johnson quick access to passwords saved in iCloud Keychain.

Savings, checking, cryptocurrency apps—he was looking to transfer large sums of money out. And if he had trouble getting into those money apps, he’d look for extra information, such as Social Security numbers, in the Notes and Photos apps.

By the morning, he’d have the money transferred. That’s when he’d head to stores to buy stuff using Apple Pay. He’d also use the stolen Apple devices to buy more Apple devices, most often $1,200 iPad Pro models, to sell for cash.

Sell the phones. Finally, he’d erase the phone and sell it to Zhongshuang “Brandon” Su who, according to his arrest warrant, sold them overseas.

While Johnson did steal some Android phones, he went after iPhones because of their higher resale value. At bars, he’d scope out the scene—looking for iPhone Pro models with their telltale trio of cameras. He said Pro Max with a terabyte of storage could get him $900. Su also bought Johnson’s purchased iPads.

Su pleaded guilty to receiving stolen property and was sentenced to 120 days at an adult corrections facility in Hennepin County, Minn. Neither Su nor his lawyer responded to requests for comment.

On a good weekend, Johnson said, he was selling up to 30 iPhones and iPads to Su and making around $20,000—not including money he’d taken from victims’ bank apps, Apple Pay and more.

How you can prevent it

A week after my trip to Minnesota, Apple announced Stolen Device Protection. The security setting will likely foil most of Johnson’s tricks, but it won’t be turned on automatically.

If you don’t turn it on, you’re as vulnerable as ever. Switching it on adds a line of defence to your phone when away from familiar locations such as home or work.

To change the Apple ID password, a thief would need Face ID or Touch ID biometric scans—that is, your face or your finger. The passcode alone won’t work. And the process has a built-in hourlong delay, followed by another biometric scan. This same slow process is also required for adding a new Face ID and disabling Find my iPhone.

Some functions, such as accessing saved passwords in iCloud Keychain or erasing the iPhone, are available without the delay but still require Face ID or Touch ID.

A criminal might still be motivated to kidnap a person with lots of money, then slowly break through these layers of security. However, the protections will likely dissuade thieves who just want to grab phones and flee the scene.

So what loopholes remain? A thief who gets the passcode could still buy things with Apple Pay. And any app that isn’t protected by an additional password or PIN—like your email, Venmo, PayPal and more—is also vulnerable.

That’s why you should also:

  • Add a distinct passcode to money apps, like Venmo and Cash App.
  • Delete any notes or photos that include personal information such as passwords or Social Security numbers. Store that stuff in a secure note inside a third-party password manager, such as Dashlane or 1Password.
  • Create a stronger iPhone passcode—one that uses letters and numbers.

The most obvious is Johnson’s advice: Watch your surroundings and don’t give your passcode out.

If this crime has taught us anything, it’s that a single device now contains access to our entire lives—our memories, our money and more. It’s on us to protect them.

Nicole Nguyen contributed to this article.



MOST POPULAR

Consumers are going to gravitate toward applications powered by the buzzy new technology, analyst Michael Wolf predicts

Chris Dixon, a partner who led the charge, says he has a ‘very long-term horizon’

Related Stories
Money
Companies Say Push to Decarbonise Comes From Their Own Boards
By YUSUF KHAN 03/03/2024
Money
The Great Wealth Transfer: How rich millennials will invest the billions coming their way
By Bronwyn Allen 01/03/2024
Money
Japan Is Back. Is Inflation the Reason?
By GREG IP 01/03/2024
Companies Say Push to Decarbonise Comes From Their Own Boards

Call to cut corporate carbon footprints is loudest from inside organizations, outweighing demand from customers and regulators, survey finds

By YUSUF KHAN
Sun, Mar 3, 2024 2 min

The pressure on companies to cut their carbon footprint is coming more from within the organisations themselves than from customers and regulators, according to a new report.

Three-quarters of business leaders from across the Group of 20 nations said the push to invest in renewable energy is being driven mainly by their own corporate boards, with 77% of U.S. business leaders saying the pressure was extreme or significant, according to a new survey conducted by law firm Ashurst.

The corporate call to decarbonise is intensifying, Ashurst said, with 30% of business leaders saying the pressure from their own boards was extreme, up from 25% in 2022.

“We’re seeing that the energy transition is an area that is firmly embedded in the thinking of investors, corporates, governments and others, so there is a real emphasis on setting and acting on these plans now,” said Michael Burns, global co-head of energy at Ashurst. “That said, the pace of transition and the stage of the journey very much depends from business to business.”

The shift in sentiment comes as companies ramp up investment in renewable spending to meet their net-zero goals. Ashurst found that 71% of the more than 2,000 respondents to its survey had committed to a net-zero target, while 26% of respondents said their targets were under development.

Ashurst also found that solar was the most popular method to decarbonise, with 72% of respondents currently investing in or committed to investing in the clean energy technology. The law firm also found that companies tended to be the most active when it comes to renewable investments, with 52% of the respondents falling into this category. The average turnover of those companies was $15.1 billion.

Meanwhile, 81% of energy-sector respondents to the survey said they see investment in renewables as essential to the organisation’s strategic growth.

Burns said the 2030 timeline to reach net zero was very important to the companies it surveyed. “We are increasingly seeing corporate and other stakeholders actively setting and embracing trajectories to achieve net zero. However, greater clarity and transparency on the standards for measuring and managing these net-zero commitments is needed to ensure consistency in approach and, importantly, outcome,” he said.

Legal battles over climate change and renewable investing are also likely to rise, with 68% of respondents saying they expect to see an increase in legal disputes over the next five years, while only 16% anticipate a decrease, the report said.

MOST POPULAR

Consumers are going to gravitate toward applications powered by the buzzy new technology, analyst Michael Wolf predicts

Chris Dixon, a partner who led the charge, says he has a ‘very long-term horizon’

Related Stories
Property
Greener Homes, Living Alone And Ongoing Rate Pain
By Bronwyn Allen 28/11/2023
Money
The Great Wealth Transfer: How rich millennials will invest the billions coming their way
By Bronwyn Allen 01/03/2024
Property
Shoppers Prefer Staying Outdoors. That’s More Trouble for Malls.
By KATE KING 16/01/2024
0
    Your Cart
    Your cart is emptyReturn to Shop