- A new trend in Android and iPhone theft across São Paulo sees thieves stealing phones not for resell value, but for access to the victims’ banking information.
- Apparently, this escalated version of the old “grab and run” scheme has been happening since the start of the pandemic.
- It’s not clear how criminals are cracking security protocols on such a wide scale. The main theory, for now, is a lack of security attention by the phone’s owner.
Throughout the world, it’s easy to find stories of thieves stealing smartphones. Usually, the theft isn’t that elaborate: someone runs up to a person walking on the street and grabs their phone out of their hands, and runs off. The thief then sells the phone to a pawn shop or online reseller site and keeps the profits.
However, in São Paulo, Brazil, Android and iPhone theft has escalated to a new level. As reported by Brazilian newspaper Folha de S.Paulo (via 9to5Mac), the new theft method is to snatch the phone and then access the victim’s banking apps. Once accessed, the thieves can extract large sums of money and usually make much more than they would just reselling the phone.
Android and iPhone theft: A whole new world
According to Folha de S.Paulo, a specific gang in Brazil is utilizing this tactic. It appears to have started around the same time as the pandemic. That would make sense as Brazil’s COVID-19 problems have been a lot worse than in some other countries. The gang may have found it necessary to escalate their tactics due to the financial crunch.
The thieves target both Android and iPhone users. However, there appears to be special attention to iPhone theft, possibly because of the wealth disparity between Android and iPhone users.
However, the big question is how the thieves are accessing the victims’ banking records. Even if the thief grabs an unlocked phone, they would still theoretically need a passcode or biometric security agent to unlock a banking app. It’s possible the thieves have some sort of software system that allows them to crack phones, similar to what we’ve seen government officials use in the United States. It could also be a lack of security attention by the phone’s owner, or a combination thereof.
The important takeaway here is that you should always require multiple security checks for accessing your banking apps. Two-factor authentication, fingerprints, face unlock — please use them all! Losing a phone is one thing; losing your life savings is another.