Last month, Folha de S. Paulo, a Brazilian newspaper, reported that criminals were stealing iPhones in Brazil not to resell them but to gain access to bank accounts of the stolen iPhones' users. Recently, the police have been able to get to the bottom of how these criminals do that.
The Sao Paulo police arrested one of those gangs and the criminals revealed how they crack the security of stolen iPhones. One of the criminals stated that he is capable of unlocking iPhone 5 to iPhone 11 models. According to Police Chief Fabiano Barbeiro, the criminals only need the iPhone SIM card to access all the data of the device.
The criminals would use the SIM card of the stolen iPhone in another iPhone and search social networks such as Instagram and Facebook to find out the email address of the stolen iPhone's owner. Usually, this email address is also the one used for their Apple ID. Once the criminals have identified the email address for the Apple ID, they would reset the password of the Apple ID using the phone number of the victim.
Barbeiro stated that:
When they download data from the cloud to the new device, they search for information linked to the word "password" and, according to them, they usually get what they need to access the victim's bank accounts. Once they have this information, they return the SIM card to the victim's phone and give the device to the gang member responsible for access the bank accounts.
Following the report of Folha de S. Paulo, Apple assured that it will allow users to delete their data from stolen iPhones in a hassle-free way, but it did not state the exact measures it will implement for that to be possible.