Smartphone theft is big business, and new research has shown how iPhone thieves are able to defeat security measures designed to make stolen devices impossible to use.
Apple has built various security features into the iPhone in an effort to make thieves less likely to target its customers. At the heart of these features is the Find My network, the system for locating lost (and stolen) devices.
The Find My network allows iPhone owners to mark their device as stolen, preventing its use. Normally, a device marked as lost cannot be used until its rightful owner provides their credentials.
However, Infoblox cybersecurity researchers have discovered websites and Telegram groups dedicated to these devices. Using social engineering and phishing techniques, even an iPhone marked as stolen by Find My can be unlocked and then sold for profit.
False Find my
Whenever someone loses their iPhone or has it stolen, they can use the Find My app to mark it as such. They can also add a message to their lock screen, inviting them to return, as well as a contact number.
Apple’s Find My network can be used against you
According to the Infoblox report, it is this contact number that thieves are now using as a phishing vector.
In one example, they detail someone whose iPhone was stolen in Asia. Shortly after the flight, they received a text message with a link to “applemaps-support(.)live”.
Infoblox claims that this lookalike URL is one of more than 800,000 detections each year. In this case, it opens a website designed to look like the real Find My web page, but it’s quite the opposite.
The website displays a PIN entry field which, if used, would allow thieves to access the iPhone.
If this approach doesn’t work, thieves have more tools in their arsenal.
“Find my disabled iPhone”
Researchers also discovered dozens of Telegram groups acting as a marketplace for unblocking tools. These tools come in different shapes and sizes, including claiming to jailbreak old iPhones.
Jailbreaking simply isn’t possible on newer iPhones, so there is another option. “FMI OFF” (Find My iPhone Off) or “iCloud Webkit” are two examples of phishing tools designed to trick iPhone owners into handing over their Apple account credentials.
The groups also proposed social engineering scripts, including AI-powered voice calling software. These tools are designed to trick iPhone owners into giving their passwords to thieves.
Notably, these tools are sold for less than $10 on average per device. Although they can cost up to $50 depending on the iPhone.
How to protect your iPhone
A lot of iPhones are stolen every day, but they’re worth next to nothing if they’re locked. It’s no surprise that thieves have found ways to unlock a stolen iPhone.
Apple’s Stolen Device Protection feature is vital
Some thieves go so far as to try to steal an iPhone when it is already unlocked. For this reason, it is essential to be aware of your surroundings when using your iPhone in public.
It’s also important to make sure Find My is turned on and your iPhone has a strong, unique passcode. It’s also worth making sure your Apple account password is strong and unique as well.
If your iPhone is stolen, be sure to triple check any communications you receive about it. Especially if they claim to be from Apple. Check the domain of all links you receive. Do not give your credentials to anyone over the phone.
Apple enabled stolen device protection by default with the release of iOS 26.4. It modifies the behavior of a stolen iPhone to protect you and your device.