nachtjenevel

Q: iPhone 6s hacked this morning

My iPhone 6s was hacked this morning, while I was using it.  It suddenly went to the lock screen of its own accord, and a message in what looks like phonetic Russian was displayed along with an email address of appleforgot03 at gmail dot com.  Swiping right requires me to input my security code, which I wasn't about to do.  I put it in airplane mode, immediately changed my Apple password, and am now in the process of factory resetting it (I live in a rural area of NE Scotland and it will take an estimated 4 hours to download the required software update).  How does this happen?  I have not downloaded any apps from anywhere other than the Apple App Store, my iPhone is not jailbroken and was bought brand new last November from Three.co.uk.  Two days ago I signed up on the Apple site to beta test the latest iOs release for iPhone - I've beta tested a few OS and used the official sign-up site, using my own iTunes account, etc.  The only time I was on an unknown wifi connection in recent weeks was at the Apple Store at Union Square mall in Aberdeen, Scotland, which I used for a short time to backup my iPhone to iCloud while I was in the store.  It didn't finish.  If the factory reset doesn't work I'll have to take it in to the Genius Bar.  I just want to point out this is not a jailbroken phone, and yet someone managed to hack it.  Clearly there is a security flaw *somewhere* here.

iPhone 6s, iOS 9.3.2

Posted on Jun 21, 2016 1:04 AM

Close

Q: iPhone 6s hacked this morning

  • All replies
  • Helpful answers

  • by ckuan,

    ckuan ckuan Jun 21, 2016 1:09 AM in response to nachtjenevel
    Level 7 (33,987 points)
    Jun 21, 2016 1:09 AM in response to nachtjenevel

    Since it was not jailbroken then there was no hack, maybe a spam message.

    Clear out your Safari cookies and

    do a force restart:

    http://support.apple.com/en-us/HT201559

  • by Loewchen,Helpful

    Loewchen Loewchen Jun 21, 2016 8:58 AM in response to nachtjenevel
    Level 1 (9 points)
    iPhone
    Jun 21, 2016 8:58 AM in response to nachtjenevel

    Exactly the same behavior on my both iPads. Swiping right without entering any password has worked.

  • by BBoiss,Apple recommended

    BBoiss BBoiss Jun 21, 2016 8:57 AM in response to nachtjenevel
    Level 4 (1,404 points)
    Apple Music
    Jun 21, 2016 8:57 AM in response to nachtjenevel

    Glad you got your account back. If you have not already setup your account with the advanced security options that Apple offers, I suggest looking into Two-Factor Authentication. What was essentially hacked was not specifically your hardware, but your iCloud account. You were right to update this.

     

    Two-factor authentication for Apple ID - Apple Support

     

    Also be wary of phishing emails as this is one of the most common ways for attackers to learn your login information. If you visit https://iforgot.apple.com/ and follow the prompts to reset your Apple ID password, you will learn that a standard account uses date of birth and security questions as protection. If someone learns these things, your account is no longer secure. The majority of time, these details are learned through phishing attempts through email, text message, or even just searching for the information online about a person on Facebook for example.

     

    Identifying fraudulent "phishing" email - Apple Support

  • by inanity,

    inanity inanity Jun 21, 2016 10:52 AM in response to nachtjenevel
    Level 1 (4 points)
    Jun 21, 2016 10:52 AM in response to nachtjenevel

    mine was hacked as well today in the same way!

    i am from austria. only a recovery helped!

    more and more entries in forums occured about this topic in the last hours.

    it seems that those hackers were very successful!

    apple should find this security leak!!!

  • by Mww101,

    Mww101 Mww101 Jun 21, 2016 2:19 PM in response to nachtjenevel
    Level 1 (4 points)
    Jun 21, 2016 2:19 PM in response to nachtjenevel

    Mine too, about the same time, same email.

     

    I've never fallen for a phishing email (almost been caught out once!) but do use my password in a few different places, I'm guessing the password was taken from one of the "leaks" of recent times (LinkedIn etc . . . .)

  • by BBoiss,

    BBoiss BBoiss Jun 21, 2016 2:27 PM in response to Mww101
    Level 4 (1,404 points)
    Apple Music
    Jun 21, 2016 2:27 PM in response to Mww101

    Mww101 wrote:

     

    Mine too, about the same time, same email.

     

    I've never fallen for a phishing email (almost been caught out once!) but do use my password in a few different places, I'm guessing the password was taken from one of the "leaks" of recent times (LinkedIn etc . . . .)

    You bring up an excellent examination regarding the use of the same or similar password in more than one location. This goes back to more common attack methods.  When you login to Facebook,LinkedIn, or your Apple ID, you do so with an email account and a password. If you were to find out the login information for one service, you could then attempt that same login information for other commonly used services such as an Apple ID and see if it works there as well.

  • by Mww101,

    Mww101 Mww101 Jun 21, 2016 2:31 PM in response to BBoiss
    Level 1 (4 points)
    Jun 21, 2016 2:31 PM in response to BBoiss

    I have always feared that it might happen due to the number of big leaks recently but only changed several "important" passwords. I guess I never considered my Apple ID an important one . . . until now!

  • by Jer102,

    Jer102 Jer102 Jun 21, 2016 6:53 PM in response to nachtjenevel
    Level 1 (4 points)
    Jun 21, 2016 6:53 PM in response to nachtjenevel

    The same happened to me this morning, both my iPad Air 2 and my 6s had the same lost mode activated. I went through and just tapped in my passcode and then changed my iCloud password.

     

    The really worrying thing is that I already had 2 factor authorisation turned on, so I'm really confused as to how this happened in the first place.

     

    Still - worst hacker ever - easy to circumvent.

  • by nhampd,

    nhampd nhampd Jun 21, 2016 7:05 PM in response to nachtjenevel
    Level 1 (4 points)
    Jun 21, 2016 7:05 PM in response to nachtjenevel

    My iPhone 6 also was hacked this morning by

    I woke up and discovered that I'm completely locked out of my phone this morning.

     

    I finding reason is hacker go to Icloud then active lost Iphone function


    So i go to iclound and reset password, and go to FInd to Iphone, Open my phone to deative lost iphone function, but it's offline.

    But my iphone before go to network by wifi normal, when hacker active lost iphone function, seem my iphone not connect wifi so i not active my iphone

     

    What should I do?

  • by inanity,

    inanity inanity Jun 23, 2016 2:40 AM in response to nachtjenevel
    Level 1 (4 points)
    Jun 23, 2016 2:40 AM in response to nachtjenevel

    sorry to bother the people in this thread. but, are women here? did anybody of you use the periode tracker app of masahiro kato when the hackers got into your phones? i might see a connection to it. looking forward to your answers!

  • by Suzmd,

    Suzmd Suzmd Sep 25, 2016 3:26 PM in response to nachtjenevel
    Level 1 (4 points)
    Sep 25, 2016 3:26 PM in response to nachtjenevel

    My iPhone 5c was hacked on Thursday, September 22 while I was at work. The message was also in phonetic Russian and had a gmail address to contact. I contacted Google to report the gmail address and I wanted to notify Apple as well. I typed the Russian text into Google. In addition to a translation of the text (instructions to contact the gmail address on the screen in order to get a password to unlock the phone), I found many other people had the same thing happen. I couldn't get an appointment to any of the Genius Bars in my area until September 27--too long to be without my phone. So I was helped by Reddit members to do a hard factory reset to my phone and also advised by them to enable 2 factor authorization, which I did. When I searched for help with this problem, no Apple forums were in the search results. I don't understand why.

     

    Why isn't Apple sending out warnings and more warnings about this? This is an escalating problem and Apple should let its customers know that they need to take steps to protect their devices.

  • by Michael Black,

    Michael Black Michael Black Sep 25, 2016 3:31 PM in response to Suzmd
    Level 7 (24,763 points)
    Sep 25, 2016 3:31 PM in response to Suzmd

    It is important to point out that from the posts here, the devices themselves have NOT been hacked. What has happened is people's AppleID password has been compromised giving the hackers access to their iCloud accounts and thus the ability to interact with the device remotely via find my iPhone connection.

  • by Suzmd,

    Suzmd Suzmd Sep 25, 2016 6:46 PM in response to Michael Black
    Level 1 (4 points)
    Sep 25, 2016 6:46 PM in response to Michael Black

    I think it's important to point out that it doesn't matter why an Apple device has been hacked, only that it, or something affiliated with it, can be.  Apple device owners need to be alerted to the fact that if they don't take certain steps their devices can for all intents and purposes be hacked--thus disabling the device--and this is a problem that is escalating for iPhone users.

     

    I'm not wanting to diminish the reputation of Apple products. I simply want to point out that if Apple products can be compromised for whatever reason, Apple should make their customers aware that not doing certain things can lead to real problems for the Apple device user. And that's most of us. If Apple sees a trend it's in their best interest to alert their consumers. I get the sense that Apple doesn't much care that their customers can't access their iPhones as long as they can say the devices themselves have NOT been hacked, they feel fine. I'm not feeling fine though. When Apple sees a problem it should alert all people who have an Apple device about an escalating problem, in this case, hackers finding a way to access iCloud accounts thus rendering the device itself useless.

     

    Why wouldn't you want to alert people to that? I don't understand. It's the not urgently alerting iPhone customers that potential minefields lie ahead for them if they don't take certain steps immediately that is bothersome. Why wouldn't you want to do that?

     

    If I'm missing something here I'm so sorry to belabor this. If I'm not, I hope someone at Apple will take into account what I've said.

  • by Michael Black,

    Michael Black Michael Black Sep 25, 2016 7:08 PM in response to Suzmd
    Level 7 (24,763 points)
    Sep 25, 2016 7:08 PM in response to Suzmd

    Because the device itself was not attacked or compromised. Your online account, your AppleID, was compromised. That is no different than having your gmail account hacked, your yahoo, your bank, your Sony or Xbox gaming account hacked. Any and every device tied to an online account is vulnerable should that or an account tied to the device account be compromised, and to the extent that account's information is on that device.

     

    You need to take account security seriously in order to protect devices you link to those accounts.

     

    If you had a strong screen lock passcode on the iphone, with a fingerprint, your data on the iPhone is indeed safe. Your iCloud account data is not if your iCloud account is hacked. An iCloud account hacker can inconvenience your use of a device, but they cannot get into the device itself. But your online account linked to the device is compromised.

     

    So again I will say, people's iPhones have not been compromised. Their iCloud accounts, and that limited subset of associated device infirmation, is compromised. The device itelf is not.  The iCloud account hacker does not have complete or unfettered access to your device, nor its contents.  They only have access to your iCloud account, not the device itself.  And even if you no longer owned an Apple device at all, they'd have the same access to that compromised iCloud account information.

     

    Apple does offer two-step verification on your AppleID and that protects ones AppleID even if you do not own any Apple devices - Frequently asked questions about two-step verification for Apple ID - Apple Support

     

    I am strongly in favor of people being alerted to account security, and device security. But the two things are not the necessarily the same. In the case of the posts I see here, this is an issue of online account security, and really has nothing to do with device security itself.

     

    People need to secure their AppleID and iCloud accounts, regardless of what they do, or do not do, with regard to their devices, or whether they even own an Apple device or not.