A 26-year-old American man, currently imprisoned for iPhone theft, admitted to hacking into victims' phones to steal $300,000.
In a Wall Street Journal interview, Aaron
Johnson shared his strategy, which included exploiting intoxicated college men at bars and clubs, who would hand over their phones and passcodes unknowingly.
Johnson employed simple social tricks to gain access, changed Apple ID passwords rapidly, disabled tracking, and used biometrics for further access. With control of their phones, he targeted banking and cryptocurrency apps and personal data to empty accounts and make purchases with Apple Pay.
On a productive weekend, he could offload 30 devices, earning $20,000. Police report he stole $300,000, but
Johnson claims the total is over $1 million.
He stresses the danger of sharing passcodes, now in jail attempting to help others avoid similar fates. This theft occurred before Apple's iOS 17.3 Stolen Device Protection, which delays password and biometric changes in unfamiliar settings.