
Amazing Iceman

macrumors 603
Original poster
Nov 8, 2008
6,103
5,103
Florida, U.S.A.
A friend of mine seems to have her two iPhones hacked, and asked me to help her by removing any hacks they may have.
The phones don't seem to have been jailbroken (any special way to confirm that?)

She did show me some strange SMS messages from **** and ** (yes, the name was only asterisks), and also phone calling activity in the logs which she claims she never made.
She strongly suspects someone is listening to her conversations and accessing the webcam remotely.

Any clues? I am going to meet her tomorrow and I would like to solve these problems so she can sleep at night.
 
First thing to look for in a jailbroken phone is the Cydia application. If that is missing, another way to tell is when you tap and hold down an icon the apps would start to wobble. Any apps which do not have the X listed on them to delete are either apps installed through Cydia or Apple built-in apps.

If you still can't tell, then connect the phone to her computer. Download a program like iPhoneBrowser (http://code.google.com/p/iphonebrowser/). If you see a very limited amount of directories then the iPhone is not jailbroken. If you see a full layout of directories then the phone is jailbroken.

If she does not want it to be jailbroken just restore it in iTunes and the jailbreak goes away. An unjailbroken iPhone is very restrictive and someone from the outside would not be able to enter the file system and access components. A jailbroken phone does open up the entire file system where apps and even someone from the outside could gain access to it.
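
The directory-listing check described in this post, as an added example that is not part of the original thread: the function classifies a list of paths exported from a file-browser tool. The function name and the sample listings are assumptions made for illustration; the marker paths are files commonly left behind by jailbreak tooling such as Cydia, APT and OpenSSH.

```python
from pathlib import PurePosixPath

# Top-level directories of the full iOS filesystem. A stock device confines
# file-transfer tools to its media folder, so these never appear at the root.
SYSTEM_ROOT_DIRS = {"Applications", "System", "private", "usr", "bin", "sbin", "etc"}
# Files and folders commonly left behind by jailbreak tooling (Cydia, APT, OpenSSH).
JAILBREAK_MARKERS = [PurePosixPath(p) for p in (
    "/Applications/Cydia.app", "/private/var/lib/apt",
    "/private/var/lib/cydia", "/usr/sbin/sshd", "/bin/bash",
)]

def assess_listing(paths):
    """Classify a directory listing as 'jailbroken', 'full-filesystem',
    'sandboxed' or 'inconclusive' (hypothetical helper, not a real tool's API)."""
    top_level, artifacts = set(), set()
    for raw in paths:
        path = PurePosixPath("/" + raw.strip().lstrip("/"))
        if len(path.parts) < 2:
            continue  # empty line or bare "/"
        top_level.add(path.parts[1])
        for marker in JAILBREAK_MARKERS:
            if path == marker or marker in path.parents:
                artifacts.add(str(marker))
    root_dirs = sorted(top_level & SYSTEM_ROOT_DIRS)
    if artifacts:
        verdict = "jailbroken"
    elif root_dirs:
        verdict = "full-filesystem"  # system root visible, no known marker
    elif top_level:
        verdict = "sandboxed"        # only media-area folders are visible
    else:
        verdict = "inconclusive"
    return {"verdict": verdict, "root_dirs": root_dirs, "artifacts": sorted(artifacts)}

# Constructed sample listings, not taken from a real device.
STOCK_LISTING = ["DCIM/100APPLE/IMG_0001.JPG", "iTunes_Control/iTunes/iTunesPrefs",
                 "Books/", "Downloads/"]
JAILBROKEN_LISTING = ["/Applications/Cydia.app/Info.plist", "/private/var/lib/apt/lists",
                      "/usr/sbin/sshd", "/System/Library/CoreServices/SystemVersion.plist"]

if __name__ == "__main__":
    for name, listing in (("stock", STOCK_LISTING), ("jailbroken", JAILBROKEN_LISTING)):
        print(name, assess_listing(listing))
```

A "sandboxed" verdict only shows that the file-transfer view is confined to the media area; it does not by itself rule out other kinds of compromise.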
 
Just restore the phone as new for her and add contact apps, music etc. after, and give her the peace of mind: problem solved. Even if you tell her it's not JB she is still going to worry. Tell her we said restore as new and she will be fine. I feel my JB phone is as secure as a non-JB phone, but no need to debate that.
 
Thank you for all this helpful information. I'm going to follow draz's advice first, as she really wants to know if her phone was actually jailbroken without her authorization.

I have also read rumors of a hack through a special SMS message that would allow someone to gain access to an iPhone without physically holding it. This alleged hack would allow the attacker instant remote access to the whole phone.
Is this true, and up to what iOS version is the iPhone vulnerable? Is there a way to identify this was the kind of attack used to hack this phone?
 
Sorry draz, is there a version of this program that you would recommend for the Mac? Thanks.
 
um..

hello, and I'm sorry, this is an irrelevant answer, but
I'm new to this and I'm not sure how to post posts :S
can anyone plz help me >.<
 
Go to the subforum, like the iPhone Hacks one, and down at the bottom click the "Start new thread" button.
 
Try iPhone Explorer--good for Mac or PC, and free.

http://www.macroplant.com/iphoneexplorer/

I second labman's advice to restore as new, but please do let us know if you find anything out.

Thanks. I really need to know how it was hacked, so I'm afraid I'll have to take the long route.
I also have to check her Macs, which seem to be hacked as well. It's getting very weird :confused:
 
You're making me think somebody had physical access to her devices. Veerrryyy interesting, as the weird little guy used to say. I guess you should check to see what processes are running on them. I opened up Activity Monitor on my Mac just now and I got a hundred processes running. I think there must be a more efficient way than combing through all of those - like running an antivirus app. Curious to hear what you uncover.
 
Well, seems like it. She also has some iMacs that apparently got hacked too. I have looked everywhere I know for possible scripts or apps based on my Linux knowledge. The process list didn't reveal anything significant. I'm an expert at this on Windows, but on the Mac I realize I have a lot to learn.

I don't want to go out of topic, so is there a forum for Mac hacks?

Thanks!
 
I went on the forums to see if anyone experienced anything like I did last night. I was out last night and something very strange happened. I was at the bar area and in my status bar it said "No phone calls for you!" Really strange. I might have just been really toast. lol
 
Dear god..that's not funny..that's creepy. =P

If you're suspecting physical tampering of your computers and iPhones has occurred, your best bet is to set up security cameras in your house.

Do not restore the phone.
The fact you could have potentially gotten hacked via SMS could lead to something Apple could use in the future, such as preventing it in iOS 4.3 or later.

So take it to the Genius Bar at an Apple Store near you and have them look at it. Only restore if they tell you to.

This could be some important information for Apple to patch =P

But dude--that's creepy.
 
On the Mac side of it:
My first thought right away is that I would install a program called Little Snitch (hxxp://www.obdev.at/products/littlesnitch/index.html) on her Macs. It's sort of an 'outgoing firewall', if you will. It lets you know what apps/processes are making calls out to the internet. By its very nature, it must be a little pesky in the beginning as you grant certain apps like browsers, email clients, and iTunes the network access they need to be functional. BUT, if her Mac had a trojan that was phoning-home to an "unauthorized surveillor", Little Snitch would gatekeep that from going out. A popup display which shows WHAT APP is trying to connect to WHAT LOCATION would remain until you either clicked on 'allow' or 'deny'.

I'll do a little more thinking and get back here if there are any good system scanners or Mac hacking resources.
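
A one-off version of the "what app is connecting to what location" view described in this post, as an added example that is not part of the original thread and not Little Snitch's own code: it parses the output of `lsof -nP -i` and lists remote endpoints per process, then filters out processes on an allow-list. The sample output, process names, addresses and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of `lsof -nP -i` output (names and addresses are made up;
# addresses use documentation ranges). lsof truncates COMMAND to 9 characters.
SAMPLE_LSOF = """\
COMMAND   PID USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
Safari    412 anna   23u  IPv4 0x0a1b2c3d4e5f6071      0t0  TCP 192.168.1.20:51234->198.51.100.7:443 (ESTABLISHED)
Mail      530 anna   41u  IPv4 0x0a1b2c3d4e5f6072      0t0  TCP 192.168.1.20:51301->198.51.100.25:993 (ESTABLISHED)
helperd   977 anna    5u  IPv4 0x0a1b2c3d4e5f6073      0t0  TCP 192.168.1.20:51400->203.0.113.66:8443 (ESTABLISHED)
helperd   977 anna    6u  IPv4 0x0a1b2c3d4e5f6074      0t0  TCP 192.168.1.20:51401->203.0.113.66:8443 (SYN_SENT)
launchd     1 root   12u  IPv4 0x0a1b2c3d4e5f6075      0t0  TCP *:22 (LISTEN)
"""

def outbound_by_process(lsof_text):
    """Map (command, pid) -> sorted list of remote 'host:port' endpoints."""
    conns = defaultdict(set)
    for line in lsof_text.splitlines():
        fields = line.split(None, 8)  # NAME is the 9th column and may contain a space
        if len(fields) < 9 or fields[0] == "COMMAND":
            continue  # header or malformed line
        command, pid, name = fields[0], fields[1], fields[8]
        if "->" not in name:
            continue  # listening or unconnected socket, no remote peer
        remote = name.split("->", 1)[1].split(" ", 1)[0]  # drop "(STATE)"
        conns[(command, int(pid))].add(remote)
    return {proc: sorted(remotes) for proc, remotes in conns.items()}

def unexpected(conns, allowed_commands):
    """Keep only processes whose command name is not on the allow-list."""
    return {proc: r for proc, r in conns.items() if proc[0] not in allowed_commands}

if __name__ == "__main__":
    connections = outbound_by_process(SAMPLE_LSOF)
    for (command, pid), remotes in unexpected(connections, {"Safari", "Mail"}).items():
        print(f"{command} (pid {pid}) -> {', '.join(remotes)}")
```

Unlike an outbound firewall, this is a snapshot: it only sees connections open at the moment `lsof` runs and blocks nothing.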
 
Thank you. I was able to access the iMac's HD using direct transfer mode, and I scanned it using ClamXav. It found a lot of Word Macro viruses, some Windows Trojans and a Java Trojan, all inside her mailbox. Except for the Java Trojan, I don't think the others are a threat to a Mac.

Her iPhones were not JB either.

I still suspect something still is very fishy.

Is there a way to access a MacBookAir HD using direct transfer mode using USB?
 
Are you being serious? If u r, I'd ask if your phone is jailbroken, and you have openssh installed, wi-fi on, and you never changed the password?
 
That may have been from the "Phone Call Nazi". Did you get him upset or something?
 
Nothing weird about this, you went into SBSettings and toggled the "Phone" to Off and it makes it say "No Phone Calls for You!" where the Signal/Carrier are usually at.
 
TS stated that the phones are jailbroken so it would be SBSettings. He believes it might be a virus. TS, if I was you at this point I might check with somebody at Apple; they might even have some tools that would be useful.
 
Thanks, but I have confirmed the two iPhones in question were not jail broken, but their iOS versions are not up to date, reason why I do suspect some kind of hack was used that didn't require jailbreaking. Are you aware of any? I don't own an iPhone so I haven't really explored these issues before.

What I'm doing is using several tools to pull up their backups and configurations, and accessing them looking for any strange settings.

If I can't find anything, I'll upgrade to the latest iOS and wipe the phone clean. Then, avoid restoring at all cost, just sync Contacts and Calendar.
 
Restore as new like I said in the 1st post. What you are talking about is really weird, the 1st time I have heard of it. At least unjailbroken. Still might consider taking it to Apple to give her some peace of mind. They have access to special diagnostic tools.
 
Is it possible that your friend has allowed paranoia to get the better of her? If the phones aren't jailbroken, the chances that they have been compromised are next to nil.

When you say that the phones aren't jailbroken, and that scans on the Macs have turned up relatively clean, then it makes me wonder what reason she has to believe that ALL of her Macs and BOTH of her iPhones are "hacked."

I'm not saying it's absolutely impossible, but the description so far makes me think that someone has an overactive imagination. (That, and to compromise that many machines without being detected would require somebody with a very special skill-set.)

-- Nathan
 
I also thought about that, but I've been working on these issues for several days, and did see some strange things happen. Some files were set to 0 bytes from one day to the next.

I have also found evidence in the logs that shows someone used her computer during several days she was away, and installed/removed some software, including AppCleaner, which they forgot to delete from the Download files directory. :D
Also, some utilities to access data in iPhones.

So based on the above incidents and findings, I no longer take it lightly.

I have removed the Mac from the network and disabled all wireless connectivity.

I have installed Little Snitch to monitor strange activity. If there's something in those Macs, it must be very deep that Little Snitch can't see it.

On the iPhones, I did find something. I'll create a new post to explain it.
 
I'm having the same exact issue almost.
Is there a way to help me if I don't have a PC or Mac? I will be getting a Samsung tablet this month; will that help me?
 