A CONVICTED thief has revealed how he can steal iPhones and how you can protect yourself from people like him.

Aaron Johnson, 26, stole hundreds of iPhones in and around Minneapolis, Minnesota, using them to swipe money through people’s bank apps.

Johnson started to steal phones for money when he was homeless and began to have children, he told Joanna Stern at The Wall Street Journal.

Stern then builds a scenario where she is at the bar with an iPhone 15 Pro Max, asking Johnson what would happen.

He explained that he would use drugs as a tactic.

“I say I have drugs.

“They say they want the drugs.

“I tell ’em, ‘Take my information down.’

“The whole time I don’t have any drugs.

He said that as soon as the phone was in his hand, he asked for the code or was given the code by the person.

He then changes the subject to distract from the stealing.

Johnson targets college kids because they are already intoxicated and unaware of what’s happening.

He continues with the scenario saying he would next lock the phone on purpose, but tells the person something is wrong with their phone and he needs the passcode again.

People were willing and trusting to give them their passcodes immediately.

Stern asked him the pressing question: “Never did people say, ‘Hey you took my phone?'”

Johnson answered saying they did, but when they asked he would no longer have the phone — it would already have been passed off to someone there working with him.

So, what’s the next step?

“It’s kinda like a bank robbery.

“You gotta be quick,” he explained.

He immediately went to the phone’s iCloud and made a new password.

This was possible because he knew the six-digit passcode to open the phone.

He would then turn off Find My iPhone which locked people from finding their phone.

These steps took him 5-10 seconds to complete.

Using the passcode, Johnson would also change the Face ID to his own, making it easier for him to get into locked apps and notes to access saved passwords and information.

“Now you got your face on there, you got the key to everything,” Johnson said.

Face ID allowed him to open people’s bank and cryptocurrency apps, but when he couldn’t get in with just his face, he would dig through the notes app where people often store passwords.

Read Related Also: Biden's Migrant Crisis Overflows Tax-Funded Shelters in Detroit

This was a very fast process; before 5 am he would have all their money gone from their accounts and if they had a credit line, he would immediately hit luxury stores.

He was able to shop using the stolen credit line and just a phone because he used Apple Pay which, because his face was in the phone, allowed him to tap and pay.

After draining the person of all their money, Johnson would then use the original passcode to erase the iPhone so he could sell it.

For an iPhone Pro or Pro Max with 128GB or 256GB he would get about $650, Stern reported.

For a regular, non-pro iPhone he would get $300-$400.

He stole about 5-10 phones a night, 30 phones from Friday to Sunday.

This allowed him to make up to $20,000 a weekend just from selling the phones.

Johnson used the money to buy new Apple products to sell alongside the stolen, wiped phone.

“You were using the Apple products to get cash?” Stern asked Johnson.

“Yeah, that was exactly what I was doing,” he answered.

When asked if Apple should be doing more to protect their customers from thieves, Johnson said yes.

“But first, they gotta hire me,” he joked.

APPLE’S RESPONSE

According to Stern, Apple immediately took steps to beef up security after hearing about Johnson’s racketeering scheme.

In its upcoming iOS 17.3 update, the tech giant added the Stolen Device Protection setting.

It will remain turned off unless activated by the iPhone user, and adds more protection from criminals when away from known spaces like home or work.

If a thief got the device with the setting activated, they’d need the users Face ID or fingerprint scan to change an Apple ID password.

They’d then have to wait at least an hour before a second round of biometrics to get into the device.

Disabling Find My iPhone and creating a new Face ID also require the same hour-long process.

Biometrics are also required for any other saved passwords with the Stolen Device Protection setting.

Even with the updated security, payment applications like Venmo would still be seemingly vulnerable, along with Apple Pay.

The Notes app also would remain accessible, so it’s advised that customers never store passwords there.

“Everything that you could ever imagine is in the Notes, or in the Photos,” Johnson told Stern.

“Don’t give your passcode out.”

Johnson said that he and his alleged partners were able to steal a total of about $1 million to $2 million in the scheme.

“I truly am sorry for all the people I stole from and…probably ruined your life, but I just felt like my life was ruined and I had nowhere else to go,” he continued.

“I’m just gonna do better, for myself, my life and my kids.”