Apple introduced the optional recovery key in 2020 as a way to protect users from online hackers. Unfortunately, the security feature can be used against them as well. iPhone thieves with the passcode can flip on the recovery key and lock owners out, and even if a recovery key is already enabled, they can easily generate a new one, making it impossible for the owner to regain access to the account without that key.
This spy-and-grab attack has become increasingly common and devastating with the addition of the recovery key. To prevent this, users should choose a long and complex passcode, and set parental controls in a way that further secures the device. Additionally, Apple could redesign its recovery system and consider other, less privacy-compromising methods, such as requiring a recovery email, phone number, or account password to regain access, or an eight-hour delay before the recovery key can be changed.
The goal of the recovery key was to defend against SIM swapping, but now it can be used against owners in the form of a spy-and-grab attack. To prevent this, users must protect their phones with a long and complex passcode and set parental controls, and Apple should implement a better recovery system that doesn’t rely solely on the recovery key.
• Apple introduced the recovery key in 2020 to protect users from online hackers
• iPhone thieves can flip on the recovery key and lock owners out
• The spy-and-grab attack has become increasingly devastating with the addition of the recovery key
• Prevent this by choosing a long and complex passcode and setting parental controls
• Apple should redesign their recovery system with other, less privacy-compromising methods