
bmac89

Original poster
Hello,

I had 2 tabs with websites open in Safari and 2 blank (favourites) tabs on my iPad 9.7” iOS 11.2.
I switched off my iPad overnight and when I woke up this morning the 2 tabs with websites are gone and the 2 blank (favourites) tabs are still open. I know from experience that the blank tabs can’t be closed remotely with iCloud. Private tabs were still open. I often keep tabs open and have never had this occur before.

iCloud Safari is on but I do not have any compatible devices that can see or close the tabs on iOS 11.
None of my devices have left the house or joined any network other than my home network. My devices have not been accessed by anyone else and my passwords have not been shared or entered on any other devices. I recently changed my iCloud password and of course use a strong password. I have two factor authentication switched on and have not had any requests. No new devices are listed under my iCloud account.
 
Well there isn’t much question to it. It’s pretty concerning though.

P.S. You're welcome to share how this could happen considering the conditions mentioned above?
If someone happened to brute force my password then how could two factor authentication be bypassed?
 
That was also my thought: What is your actual question?
You seem to believe that your tabs were closed remotely.
Other than the fact that your tabs were somehow closed, what leads you to believe that this was done "remotely", and not some glitch in your own iOS system that resulted in closed tabs?
 
That was also my thought: What is your actual question?
You seem to believe that your tabs were closed remotely.
Other than the fact that your tabs were somehow closed, what leads you to believe that this was done "remotely", and not some glitch in your own iOS system that resulted in closed tabs?

The reason I believed it to be remotely is because the 2 tabs with websites were closed but the 2 blank favourites tabs which are not iCloud tabs and cannot be closed remotely did not disappear. Also the private tabs which are also not iCloud tabs were not closed.
The only other time I have ever lost tabs is when I have intentionally cleared all website data. This closes all tabs including private and blank tabs and this is expected behaviour. If all tabs had gone I would be more inclined to think it was a bug. So whatever the cause is, it is concerning that this has happened.

I’ve never heard of a bug where some tabs close overnight while the device is switched off, however I personally know of two other people who had their iCloud accounts compromised recently. Both these people had two factor enabled but it was not triggered. Their iMessage account was used on another device and they never received an accept/deny request or verification code on their trusted devices like they normally would when signing in. They received a notification on the lock screen to say their account is signed in on a new device, and when unlocking their iPad with pin code a notification popped up on the homescreen saying their iMessage account is signed in on a new device, with ‘ok’ as the only option. When they went to do an iCloud restore the backup was no longer available. They were able to restore iCloud photos separately.

So even if these people had their password compromised or used a ‘low security’ password then why did two factor not do anything? How can someone sign in to your iMessage account without a trusted device being alerted to accept/deny and entering the required code on the new device?
 
...why did two factor not do anything? How can someone sign in to your iMessage account without a trusted device being alerted to accept/deny and entering the required code on the new device.

https://en.wikipedia.org/wiki/Occam's_razor

Two factor auth didn't stop the intrusion because likely there wasn't any intrusion. The tabs closed for some reason but to conclude that means there was an actual intrusion attempt that bypassed your security is, based on that evidence, unsupported. Think about it, they succeed in getting that kind of access and...only close two tabs???
 
So even if these people had their password compromised or used a ‘low security’ password then why did two factor not do anything? How can someone sign in to your iMessage account without a trusted device being alerted to accept/deny and entering the required code on the new device?

https://en.wikipedia.org/wiki/Occam's_razor

Two factor auth didn't stop the intrusion because likely there wasn't any intrusion. The tabs closed for some reason but to conclude that means there was an actual intrusion attempt that bypassed your security is, based on that evidence, unsupported. Think about it, they succeed in getting that kind of access and...only close two tabs???

That question was regarding iMessage. So in regard to iMessage how does one sign into a new device and bypass two factor authentication? If you can’t bypass it then why did they receive a signed in on new device message on the lock screen and a popup notification on homescreen with only option to press ‘ok’ and when they launched iMessage they had to sign in again?

Also I have just checked my email account associated with iCloud account and have received an email from a legitimate Apple email address this morning.

noreply@email.apple.com
Find My iPhone has been disabled on iPad

I have checked settings > iCloud again and no new devices are showing.
 
Have you done the obvious and looked in the log files for clues regarding close events of those tabs or safari?

Jumping to the conclusion that you’ve been hacked is rather far-fetched. Let’s just say if I did that, the last thing I would do is leave a clue so obvious with something to which there is no gain for me.
 
I have just tried switching find my phone back on and then turned it off again and the email I received is completely identical to the one I received this morning. All the full links are legitimate and the same.
Have you done the obvious and looked in the log files for clues regarding close events of those tabs or safari?

Jumping to the conclusion that you’ve been hacked is rather far-fetched. Let’s just say if I did that, the last thing I would do is leave a clue so obvious with something to which there is no gain for me.

No I haven’t had a chance to plug it into the Mac yet. I’m not aware of any other method to view logs directly.
 
That question was regarding iMessage. So in regard to iMessage how does one sign into a new device and bypass two factor authentication?

Without seeing what they did and how their devices are set up, how can we know - you are entirely relying on second-hand reports of what occurred (and ask anyone who has done any proper IT support how reliable THAT is...).

It still doesn't alter the fact that you have made a great illogical (IMHO) leap in concluding you have been hacked...just because certain tabs <can't> be closed remotely doesn't mean that those that can, <must> have been.
 