An iPhone thief known for stealing hundreds of smartphones has disclosed his tactics, shedding light on the way he stole devices manufactured by Apple Inc (NASDAQ:AAPL).

What Happened: Aaron Johnson, currently incarcerated in a Minnesota Correctional Facility, told The Wall Street Journal columnist Joanna Stern that he and his team stole hundreds of iPhones. 

He said they would operate in Minneapolis bars, befriending clients, memorize their passcodes, and then steal their phones. Once they had the passcodes, Johnson could lock victims out of their Apple accounts, siphon thousands from their banking apps, and then sell the phones. 

“When you got your face on there, you got the key to everything,” said the 26-year-old. 

His scheme took advantage of the Apple ecosystem and targeted unsuspecting iPhone owners.

As per the report, if thieves figure out the passcode of your iPhone, they could use Apple Pay to purchase things. Moreover, any app without extra protection, like email or Venmo, could be vulnerable.

Johnson’s operation underscores the need for device security, as they contain vital personal and financial data. His technique involved a simple trick of observing iPhone owners enter their passcodes before stealing the phones. 

The operation was so lucrative that Johnson and his team allegedly made nearly $300,000, though he suggests the actual sum was significantly higher. 

Johnson, who has prior convictions for robbery and theft, pleaded guilty to racketeering and received a 94-month sentence. 

An Apple spokesperson pointed Benzinga to a Support Article, which noted that when a device is marked as lost, the “cards and passes that you use with Apple Pay are also turned off.”

Why It Matters: Earlier this month, Apple introduced a new feature, Stolen Device Protection, to combat such passcode-assisted thefts.

This new feature is activated when the device is in an unfamiliar location and requires the iPhone owner to use Apple’s FaceID along with the password for certain sensitive actions like viewing stored passwords or wiping the phone, according to a prior report.

Last November, iPhone thieves tried tricking a user into turning off these protection mechanisms to profit from stolen devices, further emphasizing the ongoing cyber threat iPhone users face.

Check out more of Benzinga’s Consumer Tech coverage by following this link.

This content was partially produced with the help of Benzinga Neuro and was reviewed and published by Benzinga editors.

Editor’s Note: This article was updated to include information from Apple’s Support Pages and include information on Apple’s Stolen Device Protection feature. Earlier references to the feature were removed.