Coppers could not work out how the criminals were doing it, and then they suddenly realised that they had been working on the assumption that iPhones were the most secure phones in the world. When they realised they were not it was easy.
The Sao Paulo police arrested one of the criminals who spilt the beans about how easy it was. One of the criminals bragged he could unlock iPhone 5 to iPhone 11 models. According to Police Chief Fabiano Barbeiro, the criminals only need the iPhone SIM card to access all the device's data.
The criminals would use the SIM card of the stolen iPhone in another iPhone and search social networks such as Instagram and Facebook to find out the email address of the stolen iPhone's owner. Usually, this email address is also the one used for their Apple ID.
Once the criminals have identified the email address for the Apple ID, they would reset the password of the Apple ID using the phone number of the victim.
Barbeiro said that when they download data from the cloud to the new device, they search for information linked to the word "password" and, according to them, they usually get what they need to access the victim's bank accounts.
Once they have this information, they return the SIM card to the victim's phone and give the device to the gang member responsible for access the bank accounts.
Apple assured that it would allow users to delete their data from stolen iPhones in a hassle-free way. Still, it did not state the exact measures it will implement for that to be possible, we assume it knows how… but then again everyone thought that a scam like this would be impossible because Apple told them so.