Spoofed messages were sent from my iPhone

harpreet195 wrote:

Hello Everyone. I really appreciate your efforts in trying to resolve my issue but surprisingly, the security of Iphone has been compromised. The unauthorised user has intrude into privacy of Apple and was able to send spoofed messages. Despite Apple being a big name, the customer care services expressed their inability to help. All i can say is stay alert

ABSOLUTELY NOT. The security of your iPhone has not been compromised. There are “white hat” hackers who constantly try to compromise the security of iPhones, and they fail almost constantly. Why do they do this? Because Apple will pay a sizable bounty to anyone who can report a security vulnerability. Earlier this year Apple paid one security researcher $100,000, so there is strong incentive for finding vulnerabilities in iPhones. Which pretty much guarantees that there aren’t any.

There are two possible causes of your experience. The first and most likely is that your email address or phone number was spoofed. This is trivially easy to do, and has nothing to do with you or Apple. And neither you nor Apple can do anything about it.

The second is that your Apple ID was compromised. If it was this is 100% under your control and there is nothing Apple can to to protect you if you don’t have a strong password that you keep secret AND you have 2 factor authentication on your phone.

Related to the 2nd is that your phone number was compromised. This is possible because most carriers are lax about SMS security. There’s nothing you can do about this other than change your phone number.

When you go to Messages on your phone do you see the messages that were sent?

harpreet195 Said:

"Hello Everyone. I really appreciate your efforts in trying to resolve my issue but surprisingly, the security of Iphone has been compromised. The unauthorised user has intrude into privacy of Apple and was able to send spoofed messages. Despite Apple being a big name, the customer care services expressed their inability to help. All i can say is stay alert"

-------

You are welcome.

Excellent Troubleshooting with Others!

Where to Go from here:

Having been hacked, most certainly consider modifying your credentials:

• Modifying: your login credentials (Using Both a New eMail and a New Password for each and all sites)
• Associating: a different method of payment to your account
• Enabling: Two-Factor Authentication for Apple ID and for all other accounts that have such an applicable option

i would check with carrier to confirm spoofing, they should have record. then address other issues moving forward. Good Luck. :) If carrier confirms spoofing, a phone number change may end up being in your future.

harpreet195 Said:

"spoofed messages were sent from my iphone"

-------

Rather than on your iPhone:

Someone probably spoofed your phone number on their own device upon calling someone.

Contact your Carrier - See if you need to file a claim on this.

harpreet195 wrote:

spoofed messages were sent from

my iphone

It is trivially easy to spoof a phone number. Just the fact that it was your phone number does not mean that it was sent from your phone.

Please,

is this your first sign of activity? You had Support acknowledgment of access so soon? Yes, please stay alert. Did you also notify carrier? Spoofing involves them also. I have a list of sites of which to report to should you want it. It’s best to keep detailed records both in hard copy and electronic form. Screenshots of everything, create PDFs and store in files and Folders. Check Website Data every night and morning. Take pictures and clear out history. I print out hard copies of screenshots every two weeks and attach to hard copy logs. Of course changing password, passcodes and I even adjust Face ID regularly. Apple Privacy goes both ways. Until Engineering and such have an opportunity to isolate and develop a “patch” there won’t be an announcement. That could take awhile. The more it’s heard about the quicker a solution will come about. . Watch Shortcuts and books. Delete if you don’t need them. Use the Homepage Search feature frequently. Just enter random letters and only pay attention to things there that draw your attention. It’s a valid search option and will pull from many things that are not related to your issues. I do not use Siri and it is off in all settings. These are my personal choices. There are many resources available to assist and guide you. Good luck to you and please update if you feel so inclined. I will keep my eye out on post. I’m sorry.

harpreet195 wrote:

Hello Everyone. I really appreciate your efforts in trying to resolve my issue but surprisingly, the security of Iphone has been compromised. The unauthorised user has intrude into privacy of Apple and was able to send spoofed messages. Despite Apple being a big name, the customer care services expressed their inability to help. All i can say is stay alert

iOS / iPadOS devices cannot be hacked or infected with Virus / Malware / Spyware if it is updated to latest iOS/iPadOS, unless you have intentionally downloaded spurious softwares or unauthorised apps directly from internet and installed on your device or/and have Jail Broken. 

It (Hacking) also depends on how careful are you in sharing sensitive and valuable informations of your iPhone such as Passcode, Password etc with your friends and family members.

You deserve much respect for your level of expertise but I have to challenge you here. The recent update was for a reason. Please, again Apple is extremely secure and as I said you would stand in a very small population of users that may have had security issues but can not is not the accurate language. Highly unlikely, extremely rare. That would be the case. We’ll have to wait and here what the update patch was for. As for the above post. If they were sent to SMS contacts or contacts that were in an email account, it certainly is possible and I would recommend contacting carrier for confirmation. They will definitely have record of spoofing. That is a carrier issue. The concern regarding the actual contacts is for Apple Senior Advisors.

The below has nothing to do with spoofing, Just something to consider. Also, identified as extremely rare. Reserved mostly for a specific population. Please if you care to at all vet the first source. I research my research then check again. :)

https://apple.slashdot.org/story/20/04/22/1528227/researchers-say-they-caught-an-iphone-zero-day-hack-in-the-wild

https://en.wikipedia.org/wiki/Zero-day_(computing)

very true about phones and spoofing . Only a carrier can confirm and deal with that. As I identified Apple is very protective of security and privacy in both directions. It’s highly unusual for them to not direct you to carrier. Ours was very cooperative. There are highly specialized and sophisticated groups and that operate specifically to identify and attempt to exploit possible weaknesses in iOS but that is rare and the end goal generally has little to do with a user but is related to a goal. Just take whAt tips fit your needs and see what one it will be alright.

That’s an excellent point. I automatically assumed, not a good practice, that it was text messages and commented as so because that’s generally what happens when “spoofed” . Now I’m curios. If a number has been spoofed a good carrier should work with you. There’s suggestions for outside assistance. It’s a very long wait for them in general but with COVID it’s extended out for a minimum of 6 months.

You left out the fact that 13.5.1 was released immediately to close this vulnerability. Cybersecurity is not like building a wall as the only protection. It is an arms race. And Apple stays ahead of it better than anyone else in the industry.

Often land to mobile numbers and short codes are used to mimic a phone number and almost always send texts not phone calls.

I did. I was thinking about that last night. Meant to correct myself this am but got distracted. I did slightly address it by including Apple’s statement in third link. They mentioned that but I should have also. I get frustrated when the finger is always pointed at the User. That is generally, almost always, the case but maybe, just maybe.....there are extreme cases where it’s not. This has been out there since 2016, it’s believed. I should also include that there is some research that identifies a completely different issue that was user behavior, that could have required a patch also. There is very little information on that but it is been written about.

.

This is probably not encouraged and please, I am not attached to what level I am at in any way. You have a lot of experience. I would not take up room on this post but there hasn’t been a reply so I’m hoping issue is resolved for them. I received two emails on 7/4 that I had leveled up to level 2 then 3. My profile still indicates level 1 with the appropriate amount of points, I think. Have you found the page takes awhile to catch up? Just curious. I hope I shouldn’t be reported for using space on this post. Thank you.

harpreet195 wrote:

spoofed messages were sent from

my iphone

Hi. I added a comment on your post that is not related to your issue. My apologies for taking up space on your post. I know the issue must be important to you. I hope it worked out.