6 comments
Cunts
So – watching over someone’s shoulder to steal their phone password is now sophisticated fraud and theft? This whole story hinges on the idea that there are people out there who despite having Face ID or similar regularly unlock their phones slowly and in view of strangers.
There isn’t a single quote from either banking firms or Gardaí in the entire article, just vague “senior sources say”.
I’m calling likely bullshit and clickbait.
The article has conflicting technical information, seems to have been edited poorly.
“Because this gang have been able to work out how to beat the Face ID mechanism on the phones that they steal, they can go into the ‘forgot password’ system on the mobile device and then they get sent a password reset request.
“This means that they can go into basically everything on the phone because people are using duplicate passcodes for all their accounts.”
It may (and other reports suggest this) represent that the attackers can gain access to accounts in two common cases: either apps on Apple phones use FaceID, or the user has used their unlock PIN on all their banking apps.
There are media reports of similar fake taxi attacks going back to Nov.
Always use a different PIN on each banking app and never reuse the unlock PIN (if you use one) for that.
I found what seems likely to be much more accurate reporting on the same Gardaí information – the truth here is much more mundane. Basically don’t get drunk and hand your unlocked phone over to a stranger.
https://www.irishtimes.com/crime-law/2022/12/19/gardai-fear-phone-pin-scam-targeting-bank-accounts-to-increase-over-christmas-period/
From a report yesterday, it sounds like the attackers can reset the face known by FaceID to their own after watching a user use the PIN, using that unlock PIN to gain access to the phone, then making additional changes.
I don’t use an Apple phone however, so am not familiar with how that might be done.
Is it really common for iPhone users to use a PIN to unlock, rather than FaceID, but then use FaceID for multiple banking apps? If so, are people doing that to prevent relations with similar faces gaining phone access, or another reason?
Use cash whenever possible too.