Aaron Johnson, a 26-year-old criminal, executed a deceptively simple but effective scheme to steal over $300,000 from bank accounts by hacking into iPhones. Between 2021 and 2022, Johnson frequented Minnesota bars, where he would observe and memorize the passcodes of young people as they entered them into their iPhones. Once he had the passcodes, he stole the phones, locked the victims out of their Apple IDs, and enrolled his own face in the devices’ Face ID, effectively gaining complete control. This access allowed him to retrieve login credentials stored in the phones’ keychains and drain substantial funds from the victims’ banking applications using mobile payment services like Venmo, Zelle, and Coinbase. This security breach led Apple to introduce the ‘Stolen Device Protection’ setting in iOS 17.3, designed to prevent such unauthorized access to Apple accounts and Keychain-stored passwords. Ensure that customers and clients are updating their IOS to have access to this added security feature.