iPhones hacked and remote controlled (3G & 4)

Discussion in 'Jailbreaks and iOS Hacks' started by Amazing Iceman, Dec 23, 2010.

  1. Amazing Iceman macrumors 68040

    Amazing Iceman

    Joined:
    Nov 8, 2008
    Location:
    Florida, U.S.A.
    #1
    A friend of mine seems to have her two iPhones hacked, and asked me to help her by removing any hacks it may have.
    The phones don't seem to have been jailbreaked (any special way to confirm that?)

    She did show me some strange SMS messages from **** and ** (yes, the name was only asterisks).

    and also phone calling activity in the logs which she claims never did.
    She does strongly suspects someone is listening to her conversations and accessing the webcam remotely.

    Any clues? I am going to meet her tomorrow and I would like to solve these problems so she can sleep at night.
     
  2. draz macrumors 6502a

    Joined:
    Jun 20, 2010
    #2
    First thing to look for in a jailbroken phone is the Cydia application. If that is missing another way to tell is when you tap and hold down an icon the apps would start to wobble. Any apps which do not have the X listed on them to delete are either apps installed through Cydia or Apple built-in apps.

    If you still can't tell then connect the phone to her computer. Download a program like iPhoneBrowser (http://code.google.com/p/iphonebrowser/) if you see a very limited amount of directories then the iPhone is not jailbroken. If you see a full layout of directories then the phone is jailbroken.

    If she does not want it to be jailbroken just restore it in iTunes and the jailbreak goes away. An unjailbroken iPhone is very restrictive and someone from the outside would not be able to enter the file system and access components. A jailbroken phone does open up the entire file system where apps and even someone from the outside could gain access to it.
     
  3. labman macrumors 604

    labman

    Joined:
    Jun 9, 2009
    Location:
    Mich near Detroit
    #3
    Just restore the phone as new for her and add contact apps, music etc after and give her the peace of mind problem solved. even if you tell her it's not JB she is still going to worry. tell her we said restore as new and she will be fine. I feel my jb phone is as secure as a non JB phone but no need to debate that.
     
  4. Amazing Iceman thread starter macrumors 68040

    Amazing Iceman

    Joined:
    Nov 8, 2008
    Location:
    Florida, U.S.A.
    #4
    Thank you for all this helpful information. I'm going to follow draz's advice first, as she really wants to know if her phone was actually jailbroken without her authorization.

    I have also read rumors of a hack through a special SMS message that would allow someone to gain access to an iPhone without physically holding it. This alleged hack would allow the attacker instant remote access to the whole phone.
    Is this true, and up to what iOS version is the iPhone vulnerable? Is there a way to identify this was the kind of attack used to hack this phone?
     
  5. Amazing Iceman thread starter macrumors 68040

    Amazing Iceman

    Joined:
    Nov 8, 2008
    Location:
    Florida, U.S.A.
    #5
    Sorry draz, is there a version of this program that you would recommend for the Mac? Thanks.
     
  6. kiminitodoke macrumors newbie

    Joined:
    Dec 23, 2010
    #6
    um..

    hello, and im sorry, this is an irrelevant answer, but
    im new to this and im not sure how to post posts :S
    can anyone plz help me >.<
     
  7. Intell macrumors P6

    Intell

    Joined:
    Jan 24, 2010
    Location:
    Inside
    #7
    Go to the subfourm, like the iPhone Hacks one, and down at the bottom click the "Start new thread" button.
     
  8. IrishVixen macrumors 68020

    IrishVixen

    Joined:
    Jun 20, 2010
    #8
    Try iPhone Explorer--good for Mac or PC, and free.

    http://www.macroplant.com/iphoneexplorer/

    I second labman's advice to restore as new, but please do let us know if you find anything out.
     
  9. Amazing Iceman thread starter macrumors 68040

    Amazing Iceman

    Joined:
    Nov 8, 2008
    Location:
    Florida, U.S.A.
    #9
    Thanks. I really need to know how it was hacked, so I'm afraid I'll have to take the long route.
    I also have to check her Macs, which seem to be hacked as well. It's getting very weird :confused:
     
  10. Junkboxy macrumors member

    Joined:
    Sep 17, 2008
    #10
    You're making me think somebody had physical access to her devices. Veerrryyy interesting, as the weird little guy used to say. I guess you should check to see what processes are running on them. I opened up Activity Monitor on my Mac just now and I got a hundred processes running. I think there must be a more efficient way than combing through all of those - like running an antivirus app. Curious to hear what you uncover.
     
  11. Amazing Iceman thread starter macrumors 68040

    Amazing Iceman

    Joined:
    Nov 8, 2008
    Location:
    Florida, U.S.A.
    #11
    Well, seems like it. She also has some iMacs that apparently got hacked too. I have looked everywhere I know for possible scripts or apps based on my Linux knowledge. The process list didn't reveal anything significant. I'm an expert at this on Windows, but on the Mac I realize I have a lot to learn.

    I don't want to go out of topic, so is there a forum for Mac hacks?

    Thanks!
     
  12. sloppygator2013 macrumors regular

    Joined:
    May 12, 2010
    #12
    i went on the forums to see if anyone experienced anything like I did last night. I was out last night and something very strange happened. I was at the bar area and in my status bar it said "No phone calls for you!" really strange. I might have just been really toast. lol
     
  13. Krishna21 macrumors member

    Joined:
    Aug 29, 2010
    #13
    Dear god..that's not funny..that's creepy. =P

    If your suspecting physical tampering of your computers and iPhones have occured, your best bet it to setup security cameras in your house.

    Do not restore the phone.
    The fact you could have potentially gotten hacked via SMS could lead to something Apple could use in the future, such as preventing it in iOS 4.3 or later.

    So take it to the Genius Bar at an Apple Store near you and have them look at it. Only restore if they tell you to.

    This could be some important information for Apple to patch =P

    But dude--that's creepy.
     
  14. Junkboxy macrumors member

    Joined:
    Sep 17, 2008
    #14
    On the Mac side of it:
    My first thought right away is that I would install a program called Little Snitch (hxxp://www.obdev.at/products/littlesnitch/index.html) on her Macs. It's sort of an 'outgoing firewall', if you will. It lets you know what apps/processes are making calls out to the internet. By its very nature, it must be a little pesky in the beginning as you grant certain apps like browsers, email clients, and iTunes the network access they need to be functional. BUT, if her Mac had a trojan that was phoning-home to an "unauthorized surveillor", Little Snitch would gatekeep that from going out. A popup display which shows WHAT APP is trying to connect to WHAT LOCATION would remain until you either clicked on 'allow' or 'deny'.

    I'll do a little more thinking and get back here if there are any good system scanners or Mac hacking resources.
     
  15. Amazing Iceman thread starter macrumors 68040

    Amazing Iceman

    Joined:
    Nov 8, 2008
    Location:
    Florida, U.S.A.
    #15
    Thank you. I was able to access the iMac's HD using direct transfer mode, and I scanned it using ClamXav. It found a lot of Word Macro viruses, some windows Trojans and a Java Trojan, all inside her mailbox. Expect for the Java Trojan, I don't think the others are a threat to a Mac.

    Her iPhones were not JB either.

    I still suspect something still is very fishy.

    Is there a way to access a MacBookAir HD using direct transfer mode using USB?
     
  16. Junkboxy macrumors member

    Joined:
    Sep 17, 2008
    #16
    Are you being serious? If u r, I'd ask if your phone is jailbroken, and you have openssh installed, wi-fi on, and you never changed the password?
     
  17. Amazing Iceman thread starter macrumors 68040

    Amazing Iceman

    Joined:
    Nov 8, 2008
    Location:
    Florida, U.S.A.
    #17
    That may have been from the "Phone Call Nazi". Did you get him upset or something?
     
  18. TaterToT macrumors 6502

    Joined:
    Sep 16, 2009
    Location:
    OK
    #18
    Nothing weird about this, you went into SBSettings and toggled the "Phone" to Off and it makes it say "No Phone Calls for You!" where the Signal/Carrier are usually at.
     
  19. labman macrumors 604

    labman

    Joined:
    Jun 9, 2009
    Location:
    Mich near Detroit
    #19
    TS stated that the phones are jailbroken so it would be SBSettings. he believes it might be a virus. TS if I was you at this point I might check with somebody at Apple they might even have some tools that would be useful.
     
  20. Amazing Iceman thread starter macrumors 68040

    Amazing Iceman

    Joined:
    Nov 8, 2008
    Location:
    Florida, U.S.A.
    #20
    Thanks, but I have confirmed the two iPhones in question were not jail broken, but their iOS versions are not up to date, reason why I do suspect some kind of hack was used that didn't require jailbreaking. Are you aware of any? I don't own an iPhone so I haven't really explored these issues before.

    What I'm doing is using several tools to pull up their backups and configurations, and accessing them looking for any strange settings.

    If I can't find anything, I'll upgrade to the latest iOS and wipe the phone clean. Then, avoid restoring at all cost, just sync Contacts and Calendar.
     
  21. labman macrumors 604

    labman

    Joined:
    Jun 9, 2009
    Location:
    Mich near Detroit
    #21
    Restore as new like I said in the 1st post. what you are talking about is really weird the 1st time I have heard of it. At lest unjailbroken. Still might consider tajing it to Apple to give her some piece of mind. they have acces to special diagnostic tools.
     
  22. NathanA macrumors 6502a

    Joined:
    Feb 9, 2008
    #22
    Is it possible that your friend has allowed paranoia to get the better of her? If the phones aren't jailbroken, the chances that they have been compromised are next to nil.

    When you say that the phones aren't jailbroken, and that scans on the Macs have turned up relatively clean, then it makes me wonder what reason she has to believe that ALL of her Macs and BOTH of her iPhones are "hacked."

    I'm not saying it's absolutely impossible, but the description so far makes me think that someone has an overactive imagination. (That, and to compromise that many machines without being detected would require somebody with a very special skill-set.

    -- Nathan
     
  23. Amazing Iceman, Dec 29, 2010
    Last edited: Dec 29, 2010

    Amazing Iceman thread starter macrumors 68040

    Amazing Iceman

    Joined:
    Nov 8, 2008
    Location:
    Florida, U.S.A.
    #23
    I also thought about that, but I've been working on these issues for several days, and did see some strange things happen. Some files were set to 0 bytes from one day to the next.

    I have also found evidence in the logs that show someone used her computer during several days she was away, and installed/removed some software, including AppCleaner, which forgot to delete from the Download files directory. :D
    Also, some utilities to access data in iPhones.

    So based on the above incidents and findings, I do no longer take it lightly.

    I have removed the MAC from the network and disabled all wireless connectivity.

    I have installed LittleSnitch to monitor strange activity. If there's something in those MACs, must be very deep that LittleSnitch can't see it.

    On the iPhones, I did find something. I'll create a new post to explain it.
     
  24. Unoiknow macrumors newbie

    Joined:
    Dec 6, 2013
    #24
    Im having the same exact issue almost.
    Is there a way to help me if I dont have a pc or mac? I will b getting a samsung tablet this month will that help me?
     
  25. tymaster50 macrumors 68030

    tymaster50

    Joined:
    Oct 3, 2012
    Location:
    New Jersey
    #25
    Restore?
     

Share This Page