Joanna Stern Goes to Prison
Joanna Stern, writing for The Wall Street Journal (Apple News+ link for the story; YouTube link for the excellent video):
Before the guards let you through the barbed-wire fences and steel
doors at this Minnesota Correctional Facility, you have to leave
your phone in a locker. Not a total inconvenience when you’re
there to visit a prolific iPhone thief.
I wasn’t worried that Aaron Johnson would steal my iPhone, though.
I came to find out how he’d steal it.
“I’m already serving time. I just feel like I should try to be on
the other end of things and try to help people,” Johnson, 26
years old, told me in an interview we filmed inside the
high-security prison where he’s expected to spend the
next several years.
According to the Minneapolis Police Department’s arrest warrant,
Johnson and the other 11 members of the enterprise allegedly
accumulated nearly $300,000. According to him, it was likely more.
Fascinating and remarkable interview. Humanizing, but Stern in no way absolves Johnson for his thievery. (Points to Johnson for honesty too: he mostly regrets getting too greedy.)
One aspect that struck me from Johnson’s description of his modus operandi is that it relied little on observing people surreptitiously to glean their device passcodes. Instead it was mostly pure social engineering. He’d make fast friends with a target in a bar and just talk his way into the target telling him their passcode, so he could show them his Snapchat account or whatever. He’d talk people into giving him what he needed. Never underestimate how much digital crime revolves around person-to-person social engineering.
I’m glad Apple is adding the new Stolen Device Protection feature in iOS 17.3 (currently in beta), but my my main takeaway from this entire saga is that everyone, including Apple, needs to spread awareness that device passcodes need to be treated as holiest-of-holy secrets. You should treat your device passcode with as much (if not more) secrecy as you do your ATM card PIN. Use Face ID (or Touch ID), and if you ever find yourself needing to enter your device passcode in public — anywhere in public — find a private location to enter it, far from any prying eyes or cameras. If you keep your device passcodes secret, you’re safe. I’m sure enough about this that I don’t think I’m going to enable Stolen Device Protection, personally.
★
Joanna Stern, writing for The Wall Street Journal (Apple News+ link for the story; YouTube link for the excellent video):
Before the guards let you through the barbed-wire fences and steel
doors at this Minnesota Correctional Facility, you have to leave
your phone in a locker. Not a total inconvenience when you’re
there to visit a prolific iPhone thief.
I wasn’t worried that Aaron Johnson would steal my iPhone, though.
I came to find out how he’d steal it.
“I’m already serving time. I just feel like I should try to be on
the other end of things and try to help people,” Johnson, 26
years old, told me in an interview we filmed inside the
high-security prison where he’s expected to spend the
next several years.
According to the Minneapolis Police Department’s arrest warrant,
Johnson and the other 11 members of the enterprise allegedly
accumulated nearly $300,000. According to him, it was likely more.
Fascinating and remarkable interview. Humanizing, but Stern in no way absolves Johnson for his thievery. (Points to Johnson for honesty too: he mostly regrets getting too greedy.)
One aspect that struck me from Johnson’s description of his modus operandi is that it relied little on observing people surreptitiously to glean their device passcodes. Instead it was mostly pure social engineering. He’d make fast friends with a target in a bar and just talk his way into the target telling him their passcode, so he could show them his Snapchat account or whatever. He’d talk people into giving him what he needed. Never underestimate how much digital crime revolves around person-to-person social engineering.
I’m glad Apple is adding the new Stolen Device Protection feature in iOS 17.3 (currently in beta), but my my main takeaway from this entire saga is that everyone, including Apple, needs to spread awareness that device passcodes need to be treated as holiest-of-holy secrets. You should treat your device passcode with as much (if not more) secrecy as you do your ATM card PIN. Use Face ID (or Touch ID), and if you ever find yourself needing to enter your device passcode in public — anywhere in public — find a private location to enter it, far from any prying eyes or cameras. If you keep your device passcodes secret, you’re safe. I’m sure enough about this that I don’t think I’m going to enable Stolen Device Protection, personally.