iOS spying, icloud hacking

The best malware protection for iOS is

a) use a strong complex password for screen lock (instead of a numeric PIN) and use touchID or faceID (so you only need the password occasionally, like after an iOS update restarts it).

b) DO NOT share an AppleID with anyone, ever, for any reason. Keep your AppleID password private.

There is no real malware software for iOS as any such app would itself be sand-boxed, just as all apps are. So any such app could do nothing but scan itself and its own file space and nothing more.

Currently, the only remote means to exploit any iOS device running iOS 9.3.5 or newer is if someone knows your AppleID password and can login as you to your iCloud account. If you use AppleID 2 factor authentication, along with the password, they would need access to one of your trusted devices as well.

Otherwise, to compromise an iOS device requires physical access to it, for a prolonged period to connect it to a computer and install hacks from a direct physical connection to the iOS device.

If that was a possibility in the past, then all you can do now is erase the device or devices, and set them up as new (DO NOT restore from a backup). With just about any device (smart phone, laptop, desktop, server etc) that one suspects has been compromised, that really is the only way to ensure anything installed is expunged - erase the device and setup the operating system as if it were a new device. Do not use backups, or copy old files or folders - set up everything from scratch.

In addition to everything Michael explained:

Your carrier has all sorts of protections agains phone cloning. I worked in the cellular industry for 20 years. I don't think that I saw a cloned phone in the last 10 years I worked there.

To protect your Apple ID, you should enable Two-Factor Authentication. Read the entire article before setting it up. And, understand that, once you set it up, you only have two weeks to change your mind. However, also, don't let people scare you out of 2FA. If you set it up properly, it's very unobtrusive and will protect your account.

Two-factor authentication for Apple ID - Apple Support

I would also add that your last bullet “linked apple accounts” - there is no such thing and no mechanism to do so. Again, this assumes that an AppleID is not being shared or used by two people. In that event, the accounts are not “linked” - each person is simply logging in to the exact same single account for every Apple service, since all the server knows is the AppleID being used and nothing about who is using it.

But as long as everyone uses their own unique and strictly private AppleID for their Apple service accounts (e.g. iCLoud, FaceTime, iMessage, these forums, the Apple online stores), then there is no mechanism for any two Apple service accounts to be “linked”

I also agree that 2FA should not be an issue for people who set it up properly and understand how it works. I used 2 step verification for years without issue, and switched to 2FA as soon as it was offered, and in the years now I have been using 2FA, I have never had an issue with it. I do have multiple trusted Apple devices, but I also have a backup SMS capable telephone number on my AppleID as well (a google voice number in my case).

I’d very strongly encourage bringing in some folks familiar with these issues, and would likely start with a call to the national domestic violence folks, or with a regional or local equivalent organization.

Why? Even simple mistakes and innocent omissions here can be deadly.

Prematurely purging stalkerware might not have the intended results.

And iOS security itself is one small part of what can arise here, unfortunately.

Some of what’s described in earlier replies can potentially increase the risks and the hazards for the victim.

Get some help from folks that have been through this.

Not just with iOS and an iPhone and related security, but the rest of what can arise here.

As for SIM jacking and cloned phones, that’s been a business for a while. It’s fairly rare, but it can and does happen. Some of the carriers’ own folks have purportedly been selling that access, too.

MrHoffman wrote:

Some of what’s described in earlier replies can potentially increase the risks and the hazards for the victim.

I am not necessarily disagreeing with anything you posted, but I am curious about this one statement? Could you elaborate some, so I can learn where I may have said something that in some way could “increase risk”? I admit since the OP mentioned “ex” I assumed the people involved are no longer in physical proximity to each other.

Michael Black wrote:

MrHoffman wrote:

Some of what’s described in earlier replies can potentially increase the risks and the hazards for the victim.

I am not necessarily disagreeing with anything you posted, but I am curious about this one statement? Could you elaborate some, so I can learn where I may have said something that in some way could “increase risk”? I admit since the OP mentioned “ex” I assumed the people involved are no longer in physical proximity to each other.

Do you know with certainty that there’s no longer physical proximity?

Do you know if there are tendencies toward violence?

Are there sensitive photographic materials that might be released? Blackmailed?

No risk of copied house keys?

Is there evidence here that can or should be preserved?

Is removing the stalkerware while missing some other risk going to prematurely inform the aggressor of the victim’s plans and efforts?

Are there community resources and victims’ networks available? What are those?

I’ve bandaged a number of victims of domestic violence over the years. I’ve encountered other victims that died. I know Apple tech and security well. I’d still call in help here.

An iPhone lock-down is one part of a potentially far larger and entirely non-technical and variously legal and sometimes deadly problem.

To your first five points, no of course I have no knowledge, nor do you nor anyone else here on the forums . As to the others, these are not some sort of personal crisis intervention resource and I do not apologize for my response to them. I have (unfortunately) intimate knowledge of spousal and partner abuse and what it can end up as, and this is not a place to respond to them, nor is the OP providing anything that allows a rational response to such potential issues.

These are technical forums about Apple devices and Apple software and services. I responded as such, and will always respond as such. As to other legal, ethical or pragmatic life issues, I cannot speak to, nor can anyone speak to these in these forums. To claim otherwise is misleading.

if the op or the person they represent need further, non-technical support, they should seek it. But I do not feel, at all that anything I posted poses them to any “increased risk” then they currently are at. You seem to think your experience with domestic violence is somehow unique while it most certainly is not. I’ve seen more than just merely “bandaged” people.

Disabling any further link or connections to their AppleID and device cannot but help them. I stand by that, based on my own life experience.

And I was not seeking some controversial discourse with you. I was merely asking if, given the OP is not the victim in question, and they were asking about iOS exploits (possible or other wise), what you may have known that I did not. Assuming any thing else is something I try to avoid in these forums as it just leads to mindless speculation about situations none of us know nothing about.

MrHoffman wrote:

I’ve bandaged a number of victims of domestic violence over the years. I’ve encountered other victims that died. I know Apple tech and security well. I’d still call in help here.

As the original poster said they were "inspecting the case", I'm working on the assumption that there is a very good chance they are an expert in the non-technical issues here.

IdrisSeabright wrote:

As the original poster said they were "inspecting the case", I'm working on the assumption that there is a very good chance they are an expert in the non-technical issues here.

While intending no insult toward any involved here, I’d rather not make such assumptions. This particularly given that an iPhone is not a rare device and should already be addressed in available materials for any organization dealing with domestic violence and abuse.