Stolen iPhones Are Becoming a Bigger Problem—Here's Why

Security researchers have found that websites offering to unlock stolen iPhones are getting far more traffic than they used to. Cybersecurity firm Infoblox tracked a 350% increase in the past year alone. The finding shows that stealing iPhones is no longer just something a mugger might do for quick cash. Instead, it has become an organized business.

Researchers linked more than 10,000 phishing websites to stolen iPhone unlocking activity, according to Wired's investigation published earlier this month. The tools themselves are cheap now—under $10 each—which means almost anyone can afford to buy one.

Why Criminals Want Unlocked Phones

A locked stolen iPhone might sell for $50 to $200 on the black market. But once it is unlocked, the price jumps to $500 to $1,000. That five-fold increase is the real prize. It pushes criminals to invest time and money into unlocking them instead of just flipping them as hardware.

Here's what criminals gain access to once inside: your banking apps, email accounts, and saved passwords. They can also impersonate you in messages to friends or family. In one case, London police arrested four men who had accessed financial accounts on more than 5,000 stolen phones.

The attack typically starts in a public place. A criminal watches you enter your PIN or password at a café or on a train. Then they steal your phone right after. With the code already in memory, they can disable Apple's Find My iPhone feature and other protections that would normally help you recover it or lock a thief out.

The Tools Are Getting Smarter

What used to require serious technical skill is now packaged into simple software that anyone can use. Criminals simply distribute these unlocking tools to a large network of lower-level thieves and fences, much like how automated hacking kits simplified malware in the mid-2000s.

These tools are also getting more convincing. The Swiss National Cybersecurity Center has reported that phishing messages now include accurate details like your iPhone's model, color, and storage capacity—information scammers can pull directly from your stolen phone. When a text or email sounds this specific, you are more likely to believe it.

Apple has introduced features like Stolen Device Protection to address this. The feature forces you to use your face or fingerprint again before you can do sensitive things like change your password, even if someone already unlocked your phone with the correct PIN. But the underlying tension remains: phones have to be easy to use while also being secure, and that balance is hard to get right.

The Broader Risk

The stolen device problem sits alongside a much larger one. According to Apple's own data, 2.6 billion records were compromised in data breaches over a two-year period ending in December 2023. More than six in ten of the largest U.S. companies have suffered public data breaches.

When criminals steal your phone and then cross-check your information against data leaked from corporate breaches, they can craft more believable phishing messages. They know your name, your email, your past addresses, and sometimes even your password. This combination of a stolen phone plus leaked personal data is far more powerful than either one alone.

The scale of this problem now goes beyond individual users. Employers should treat a stolen employee phone as a serious security incident, especially if that person has access to company systems or sensitive files. The FBI has issued multiple warnings about these scams targeting iPhone users. The agency's advice boils down to this: a stolen phone is not just a lost device. It is potentially the first step in a broader attack on your identity and finances.

Apple has tried to fight back by blocking $1.5 billion in fraudulent transactions on its App Store and removing 1.6 million risky apps in 2021. But these measures catch fraud after the fact rather than stopping the underlying incentives that make stolen phones valuable in the first place.

The real change will likely require either much stronger security built into phones themselves or enough law enforcement pressure to make the black market for stolen devices far less profitable. Neither is easy to achieve, and both take time.