HELP: I think my iPad was hacked overnight ** pls help :(

Discussion in 'iPad Tips, Help and Troubleshooting' started by Smittay, Aug 11, 2011.

    hey everybody

    i went on vacation to my father's beach house and brought my ipad, i am very very careful about all personal information and security...

    he has a comcast connection and had a secure WEP password, it was a comcast three in one, phone, tv and internet router

    anyways last night, i put the ipad into sleep mode at 1am (which i do all the time at home, never had a problem), locked the doors to the house and went to bed with the ipad in the night stand drawer next to my bed. only my wife and i were in the house...all week.

    i wake up this morning and turn on my 64gb/3G 1st gen ipad (running 4.3) at 11am. i entered my 4 DIGIT PASSCODE to unlock the ipad and i click the safari app in the dock and 9 pages of history automatically opened up to sites i had never been to. so then i checked safari history and there were about 150 web pages visited, most notable,

    so freaking out, i check my email and sadly someone had ordered around $8,373.00 through my account... they ordered android tablets, macbook pros, videos, cameras, kindles, etc. with everything shipped to my home address. the confirmation emails started coming from amazon at 8:15am-10:45am, just before i checked the iPad at 11am.

    how could this happen? has anyone had an experience like this? or know what i am talking about?

    i then drove immediately to my cousins house 2 miles away and changed all my passwords to EVERYTHING on my cousins hard-wired laptop NOT my ipad that was compromised....i also notified all 3 credit bureaus and put a fraud alert on my wifes and my social security numbers .... that they would have to call me before opening new credit cards, etc.

    i then called the police and had them come out and note the incident, i changed all banking passwords, canceled my credit cards, revoked all bunk amazon charges and changed my password to my ebay, paypal, facebook, etc...

    ******** here's the kicker... Apple iPad Applecare rep said it had to be a close job ... someone had to get within 50-100 feet of comcast router and do it from there...

    ********SO RIGHT AS MY WIFE AND I LEAVE --- this kid walks down our barren vacation road, with a PC laptop OPEN in his hands, looking at it ....i asked what he was doing and he said going to his grandparents to use the internet, i said why is your laptop open, if you are just carrying it ??? and did he know that my router was broken into and my accounts hacked?? he looked young.

    he acted so suspicious, so i called the police on him, he was walking around the neighborhood with the laptop open going up to houses and in back of them..... the police said his parents claimed he was going to his grandparents to use the internet, he was a minor... this is SOOO SUSPICIOUS!!!!

    could he have hacked my ipad this morning??? from walking up to houses?? i mean 9 ipad windows were passcode was bypassed and $8300 was ordered from my account.

    i left vacation and drove 2 hours home immediately after, i stopped by the genius bar at the Apple Store tonight and they ran diagnostics and looked at me like i was crazy... they had never heard of what i said before .....

    they said i had really "low memory" cause there were a ton of Apps running... but when the genius double clicked my home tab, only, safari and mail were open. why was this??? were there Apps running in the background? could someone put a hidden App on my ipad?? my ipad is not jailbroken... could i test it somehow to see if it was??

    I REALLY NEED YOUR HELP!! Apple Genius and Apple ipad Support and Care tossed me out like a wet towel.. said i could do whatever and that the Comcast network was probably compromised ... Comcast in turn is blaming Apple, that i probably downloaded an unsafe App months ago that had a keylogger on it and they waiting 6 months to nail all my accounts...

    what should i do? is there anything you can think of??? i have not connected the iPad to my 3G network from AT&T nor my home WIFI... i also deleted about 30 apps i don't use in case they had a keylogger, but i didnt think ipad had a keylogger unless it was jailbroken, mine is not.

    or do you think my ipad was keylogged??? what apps could do this?? i got rid of Skype, Spotify, cause it sent me a security / virus email.... im so upset and dont know where to begin, any help would be MUCH MUCH appreciated and good karma comes back 10X fold... any ideas or anything would help. :)

    i have to go to bed after this tragic long 13 hour miserable day ....

    thanks for your help, smitt
    How do you hack an iPad? The only way I see this is if someone hacked your router and mirrored/monitored what was on the iPad or your laptop. Even then, this is hacker level here, most "average" people would not know how to do it. And as far as apps go, most of them should be safe, unless you are using a developer's app where they tell you to input personal info., most do not. Developers cannot, and I may be wrong, monitor an individual's iPad without the consent of sending anonymous information, like when you install a new program and it asks to send anonymous data/feedback for research purposes.
    That's What's Happened Here

    Kids these days know the codes for routers....And they use them too! Never use a router supplied by an isp, always buy a decent one and jack up the security.

    I hope your bank tracks this kid down,
    The codes to a router are really easy to hack sure, it's usually always admin, password. But they have to know the router password first, to get into a router you must be connected to that router then log into it.
    Ok OP, I think it was a router hack, bc it may have been a Comcast supplied model/router and on the very back of those, it should have all the info. for anyone to look at and get into.
    If the scenario provided is not a troll, here are some important tips:

    1) Do not use WEP secured wireless. Only use WPA2.

    2) Make sure the router has secure network and admin passwords.

    3) Keep your iOS device up to date.

    4) Do not use a 4 digit passcode. (BTW, bypassing the passcode requires physical access to the device.)

    5) And given that the scenario is entirely implausible, do not binge on coke so hard that you black out and go on an Amazon shopping spree.
    If the iPad was physically turned off while he was sleeping, then the iPad wasn't on the network & couldn't be hacked. Someone may well have been able to get onto the router network, but they would have only been able to surf on their own computer (unless they physically came into the house & used the iPad).

    On a separate note, the kid could have been learning hacking the hard (& stupid) way. I mean, Comex (who does most of the iOS JBs) was in an article last week that said he was 19.
    thank you to everybody who replied, i am not a troll at all, ive been on here since 2008... read my past posts,

    i am still scared and super paranoid now, one typo i made was that the amazon amount was 8300, it was actually 4300, i was typing in a rush... so thats why i think the cc company didnt contact me, cause it was under 5000

    so do you guys think it was my dads vacation house router that was hacked? or all along could it have been my home wifi network, with someone just accruing information and then when i went on vacation, they struck??

    thank you everyone so much again, any more info you have would be greatly appreciated....hopefully if this thread stays topped, somebody might have seen this scenario before, thanks guys - smitt :)
    thanks nostopn,

    my ipad was actually in sleep mode, but i did have a passcode with 4 digits set... if it was in sleep mode, could somebody have used it over the router??

    i have used apple products for more than 20 years and NEVER seen anything like this, i felt so violated... i mean 9 browser windows were open on my safari on the ipad and it had 150+ pages of sites i never visited...and emails back to me from

    if it didnt happen to me personally like this, i would have a hard time believing this story too... but i dont know what to do now??

    1) should i wipe the ipad and all my data in the apps?? is there some invisible app running and hogging all the memory?

    2) should i just let it go cause it was a WIFI break in on my dads router, 2 hours away from my home??

    im scared to even turn it on my WIFI network at home, out of fear that they could access my network once it is turned on and out of airplane mode...

    OR... could they have broken into my home network a long time ago, been watching me, and knew i was going on vacation and tried to strike while they thought i was away???

    with the 9 safari windows open and an email stuck in my wifes mail outbox, i tend to believe it had something to do with the vacation house router... :(

    thank you all so much for helping already, smitt
    also, if they didnt have physical access to the device, and couldnt get through the passcode, how did those 9 browser windows open up??

    could it have something to do with the find my ipad app from apple??

    i dont know, im just shooting in the dark here.

    i also got rid of spotify premium, cause it let me download tracks while i was offline to keep on my ipad and play when i was out of wifi or 3g streaming distance.... you would have thought you would hear about this then over the internet or news...

    i also deleted pocketcloud app

    and skype for ipad which i downloaded last week, and skype for iphone --it was sending me a weird number that was calling me (yes i have a skype phone number) on tues night and then a virus email voicemail notification thurs night (last night, when i got home),

    i also downloaded an app on the vacation wifi network from itunes.. on the router that seemed to be compromised..

    ... sorry if im rambling, i just want to get this taken care of !!! :)
    I just skimmed back over some parts of your first post. I don't think that iPad apps have keyloggers. If they do, there should be a way for people downloading the apps to be made aware of that. I also thought I read where you are not on vacation any longer, so having access to your dad's router is out. If you are still at his place & have access to the router settings, I'd advise doing that & changing settings on your home router as well. You can't be too safe. If your dad uses his router while he's away (for remote access), call him & inform him of the changes that you made. Otherwise, just leave a note with that info on it.
    thanks nostopn :)

    i am at home and not at my dads vacation house... i have a generic westell router at home from verizon DSL, can i make those changes on this router here at home that you suggested, i am very new to this... are those the ones munkery posted in this thread?? and yes, if i wasnt scared crapless right now i would be laughing very hard at the binging on coke and blacking out on amazon... because trust me, i wondered if i blacked out too and sleepwalked and did this at amazon... :)
    Were the items bought stuff that you'd buy for yourself? Also do you take ambien or other sleep meds? They can make you basically "sleep walk" and not remember a thing the next morning.

    I am sooooo not accusing you of anything, but am just throwing out ideas.

    I used to take ambien, and at least once, I remember buying a high ticket item while on it, and then just barely remembering it the next morning. I ran to check my email, and sure enough, I had ordered it. Thankfully, I was able to cancel the order before it shipped. :p
    Is the Verizon router separate from the modem, or do you have one "box" that does it all? If you have a computer that connects to the wifi router, then it should have made you set up a home network. You may remember when you first got the service that you had to do some things related to getting each wifi device to access that network. If Verizon handled everything, then you should call them & see if there is a way to get the info on how to change the login & password info. If they can be of no help & you never had to set anything up to get your home wifi running, then it's time to get your own modem & router. There are also aftermarket models that do both jobs. This would allow you to control all of that information & allow you to change it when you need to.

    As for the browser being open to 9 pages, that could have possibly happened if someone else was on the router. I think someone could have used a VPN to access the network & possibly the iPad. I've heard about people using VPNs to forward stuff from their PC to the iPad, but I'm not 100% sure how a VPN interacts in those situations. I could be completely wrong about that. But, if they just wanted to surf, then why would they bother to try to access your iPad? Why try to go through your passcode? These are the things that make the story harder to believe. It's been said that jailbroken iDevices are "more susceptible" to being hacked than non-jailbroken ones. Has your iPad ever been jailbroken? And, if you can take care of changing the login/password settings of your home network, then just change that info in the iPad & fear no more.

    Also, I have heard in the past that Skype has had problems with security on mobile devices. I don't know why I was in such a hurry to download it when it became available for the iPad because I don't have an account. As for the app which you downloaded while on vacation, it is most likely fine. Apps can't be broken into too easily. As for the piece of mail stuck in the outbox, you could always stop by a McDonalds or Starbucks & hook onto their wifi for a few minutes so that it gets sent. :D Other than changing passwords for your accounts (banks, Facebook, tv streaming apps), all of the other apps should be fine.
    no they ordered an android tablet - im an apple guy would never order that

    they ordered 2 - 13 inch macbooks pros, i dont need those, i have computers

    they ordered a kindle, we already have one, so i would never re-order that :)

    thanks for trying to help, trust me, i even wondered these weird questions too
    thank you so so so so much!

    verizon gave me the all in one westell wireless modem?? that connects to my dsl line, i remember setting up the network with them and their instructions...

    i will give them a call today - i also believe maybe the kid did something with VPN.... the AppleCare guy said if he was accessing our wifi at the vacation home, my ipad might have picked up some of the pages he was browsing if it was in sleep mode.... maybe that's what happened?

    regardless i changed everything, all passwords, from a separate laptop on my cousins secure network... hopefully this will work for now, i really really dont want to wipe the ipad, but i dont want to be a sitting duck, unaware of what is going on if it could be something in the ipad...

    thank you so much -- honestly all of this DID happen... i would never make it up, im an apple freak who loves apple stuff and usually know whats going on... i dont use PCs and i really really really appreciate all your guys help and time !!!

    any other advice or tips, pls post them in this thread, ill owe you guys one for helping me so much :) smitt
    I know you don't want to, but I think you have to wipe the iPad.
    Hacking an iOS device requires an exploit for a local privilege escalation vulnerability. This is required to enable bypassing DAC and the sandbox.

    The following is a list of past incidences of this type of vulnerability in iOS.

    Two of the items in that list were found by Comex. It took 10 months to develop the second exploit.

    Why would someone with that level of skill risk exposing their exploit for crime when they can make more via prizes from a hacking contest, such as pwn2own, or via donations received by releasing a jailbreak?

    I doubt your iPad was hacked.

    Also, a VPN is not a reasonable explanation for the pages in your history.
  21. wpotere Guest

    Oct 7, 2010

    ^^ This...

    Lastly, if your parents are running WEP they need to change it to WPA2. ;)
    thanks munkery...

    that is exactly what is boggling me too... how did those 9 pages open in my ipad safari window... unless someone came in and used it?? but everything in the house was locked. so thanks, im glad my ipad was not hacked.

    and i also was confused how someone breaking into the comcast router/modem could cause 9 pages of history on my ipad.

    the AppleCare iPad support guy said that if somebody hacked my comcast router/modem and my ipad was connected, but in sleep mode, it might have opened those pages 9 open windows and a history of about 150 pages...

    thanks for helping me you guys - i have never ever seen anything like this before, i freaked out so badly when i opened my ipad yesterday morning and saw all of this....

    * question... Could my iMac (that i use itunes on at work to sync my ipad) be compromised with a keylogger??? and then have it spread to the ipad when i was syncing it?? is there any way to look for a keylogger on my iMac??

    thanks again, you guys are awesome and really helping me out :)
    josh, why would you say that? ive been on the boards since 2008, check my history and threads.. they are all apple questions or comments. all im trying to do is figure out what happened to my ipad, im really sorry that you think im a troll, but that is the farthest thing away from the truth, i hope you can understand that. i am a good guy, always have been, always will, what benefit would i get out of this if i was a troll?? seriously.
    He is wrong.


    Are you sure that you didn't purchase something with your parent's credit card on Amazon and then came to MacRumors to create a thread with a pseudonym that can't be linked to you personally to justify the story of the possibility that it was due to hacking?

    Once an attacker has access to an online purchase account, it is easy to change the delivery destination to somewhere else that does not reveal the identity of the attacker other than the target's home. It does not make sense that the items were sent to your house.

    I am afraid that if this is not a troll that I have to call it a scam on the part of the OP.
    Here's my two cents:

    If the perp wanted to order $8K of stuff off of Amazon *and* he had access to your iPad, you would have woken up less one iPad.

    Just because the iPad is asleep does not mean background tasks aren't running. It's up to the app developer to set that option. I don't know about Safari, but let's assume for the moment it does run in the background.

    Since safari is graphical, they would have to run a VNC-type app to see what they were doing.

    If so, they would have to access the device through a router and NAT. Or just hack the wifi.

    Now your story said this:

    "anyways last night, i put the ipad into sleep mode at 1am (which i do all the time at home, never had a problem), locked the doors to the house and went to bed with the ipad in the night stand drawer next to my bed. only my wife and i were in the house...all week.

    i wake up this morning and turn on my 64gb/3G 1st gen ipad (running 4.3) at 11am. i entered my 4 DIGIT PASSCODE to unlock the ipad and i click the safari app in the dock and 9 pages of history automatically opened up to sites i had never been to. so then i checked safari history and there were about 150 web pages visited, most notable,"

    What were you doing with the iPad at that time? Were you using Safari? If not, the orders could have taken place if you set the thing down (unlocked) and someone decided to mess with it. Even so, when I order from Amazon, it requires me to know my Amazon password just to complete the order.

    My experience from Amazon also says that I get order confirmations within seconds of making my orders. Also, 150 websites are a hell of a lot to visit, even in one night.

    If what you say is true, you hit the holy grail of a hack. Why? Every Apple hater out there is chomping at the bit for just this type of vulnerability to be exposed in iOS. You have one hell of a story for the press here.

    But there is this type of vulnerability:
    Did you jailbreak, put ssh on it and leave in the default password? The only other thing I can think of is a Trojaned 3rd party app loaded from the app store.

    So if you are serious - and if you believe that is what truly happened, stop using the iPad - completely. Contact Apple support, let them know what happened and let them look at the device to get whatever forensic evidence they can find.

