Factory Reset - Next Steps
I’ve been hacked! If I do a factory reset can I then go back and set it up for my use again like it is a new iPad? Will this get rid of any viruses or spyware? Thank you.
iPad mini 4, iPadOS 14
You can make a difference in the Apple Support Community!
When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.
When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.
I’ve been hacked! If I do a factory reset can I then go back and set it up for my use again like it is a new iPad? Will this get rid of any viruses or spyware? Thank you.
iPad mini 4, iPadOS 14
What, specifically, gives you cause for concern?
Providing that you have not attempted to jailbreak your device - or have bypassed protections by side-loading third-Apps (if you don’t know what this is, then don’t worry about it) - then it is highly unlikely that your device will actually have been infected with a virus or other malware.
However, there is one potential source of immediate issues with your iPad that you may need to check - this being for a vulnerability that is often exploited that gives the appearance of a malware infection. This involves your iPad/iPhone Calendar - the symptom being your Calendar appearing to have been populated with regular events that warn of malware infection.
Calendar Infection
Whilst not a malware infection in the traditional sense, if this exploit is observed on your device, it is highly probable that you were manipulated (via a simple click on a website link) into “subscribing” an additional (unwanted) Calendar to your device - and this unexpected Calendar is exposing unwanted calendar events and sending you unexpected “adverts” or other warnings.
If you see this issue, you’ll need to check for what’s out of place...
iOS/iPadOS13 and earlier: Settings > Passwords and Accounts
iOS/iPadOS14 and later: Settings > Calendar > Accounts
Look for an “account” that shouldn’t be in the list of accounts - as this will likely include the Calendar that contains all the unwanted events. When/if you find the suspect account, tap - then select Delete Account. This should resolve this specific problem in its entirety.
Malware
Most alerts that you see are pop-up messages from websites - these being designed to scare the unwary into giving away sensitive information - or to fool you into doing something that you shouldn’t.
Due to the system architecture of iOS/iPadOS, unless jailbroken, your iPad is not susceptible to traditional malware infection per-se. However, as with all computer systems, there are still vulnerabilities and exploits to which you remain at risk. Be wary of the myth that Apple devices are immune to malware. Consider that if the myth (and over-generalisation) were true, Apple would not expend considerable resources in developing and issuing regular security updates and patches for their products; we do see regular security updates to resolve and/or mitigate current and emerging malware security threats.
While your iPad is unlikely to be directly infected by malware, it is still possible to easily download an “infected” file to the iPad - which if transferred elsewhere still has the capacity to infect other computer systems with malware.
Perhaps the most significant area of immediate threats are browser-based attacks - many being launched via embedded links from webpages and received messages and email. These threats can largely be mitigated by installing a good Content and Ad-blocking product. One of the very best and most respected within the Apple App Store - designed for iPad, iPhone and Mac - is 1Blocker for Safari.
https://apps.apple.com/gb/app/1blocker-for-safari/id1365531024
1Blocker is highly configurable - and crucially does not rely upon an external proxy-service of dubious provenance. All processing takes place on your device - and contrary to expectations, Safari will run faster and more efficiently.
Unwanted content is not simply filtered after download (a technique used by basic/inferior products), but instead undesirable embedded content blocked form download. A further benefit on metered services, such as cellular connections where you data may be capped or chargeable, this not only improves speed but also saves you money.
When using a good quality Content blocker, a high proportion of otherwise inescapable risk when using your Safari browser, or linking to external sources from email, is effectively mitigated before it even reaches you. 1Blocker has also recently introduced its new “Firewall” functions - that are explicitly designed to block “trackers”. Being implemented at the network-layer, this additional protection works across all Apps.
There are additional protections that can enhance protection further, such as using one of the better security focussed DNS Services in preference to automatic DNS settings. This can either be set on a per-device basis in Settings, or can be set-up on your home Router. I recommend using one of the following services, for which IPv4 ad IPv6 server address are included here:
Quad9 (recommended)
9.9.9.9
149.112.112.112
2620:fe::fe
2620:fe::9
OpenDNS
208.67.222.222
208.67.220.220
2620:0:ccc::2
2620:0:ccd::2
Cloudflare+APNIC
1.1.1.1
1.0.0.1
2606:4700:4700::1111
2606:4700:4700::1001
Use of the above DNS services will help to shield you from “known bad” websites and URLs - and when used alongside 1Blocker, provides defense in depth.
I hope this reassurance and guidance proves to be helpful in resolving any issues with suspect malware and malicious websites.
What, specifically, gives you cause for concern?
Providing that you have not attempted to jailbreak your device - or have bypassed protections by side-loading third-Apps (if you don’t know what this is, then don’t worry about it) - then it is highly unlikely that your device will actually have been infected with a virus or other malware.
However, there is one potential source of immediate issues with your iPad that you may need to check - this being for a vulnerability that is often exploited that gives the appearance of a malware infection. This involves your iPad/iPhone Calendar - the symptom being your Calendar appearing to have been populated with regular events that warn of malware infection.
Calendar Infection
Whilst not a malware infection in the traditional sense, if this exploit is observed on your device, it is highly probable that you were manipulated (via a simple click on a website link) into “subscribing” an additional (unwanted) Calendar to your device - and this unexpected Calendar is exposing unwanted calendar events and sending you unexpected “adverts” or other warnings.
If you see this issue, you’ll need to check for what’s out of place...
iOS/iPadOS13 and earlier: Settings > Passwords and Accounts
iOS/iPadOS14 and later: Settings > Calendar > Accounts
Look for an “account” that shouldn’t be in the list of accounts - as this will likely include the Calendar that contains all the unwanted events. When/if you find the suspect account, tap - then select Delete Account. This should resolve this specific problem in its entirety.
Malware
Most alerts that you see are pop-up messages from websites - these being designed to scare the unwary into giving away sensitive information - or to fool you into doing something that you shouldn’t.
Due to the system architecture of iOS/iPadOS, unless jailbroken, your iPad is not susceptible to traditional malware infection per-se. However, as with all computer systems, there are still vulnerabilities and exploits to which you remain at risk. Be wary of the myth that Apple devices are immune to malware. Consider that if the myth (and over-generalisation) were true, Apple would not expend considerable resources in developing and issuing regular security updates and patches for their products; we do see regular security updates to resolve and/or mitigate current and emerging malware security threats.
While your iPad is unlikely to be directly infected by malware, it is still possible to easily download an “infected” file to the iPad - which if transferred elsewhere still has the capacity to infect other computer systems with malware.
Perhaps the most significant area of immediate threats are browser-based attacks - many being launched via embedded links from webpages and received messages and email. These threats can largely be mitigated by installing a good Content and Ad-blocking product. One of the very best and most respected within the Apple App Store - designed for iPad, iPhone and Mac - is 1Blocker for Safari.
https://apps.apple.com/gb/app/1blocker-for-safari/id1365531024
1Blocker is highly configurable - and crucially does not rely upon an external proxy-service of dubious provenance. All processing takes place on your device - and contrary to expectations, Safari will run faster and more efficiently.
Unwanted content is not simply filtered after download (a technique used by basic/inferior products), but instead undesirable embedded content blocked form download. A further benefit on metered services, such as cellular connections where you data may be capped or chargeable, this not only improves speed but also saves you money.
When using a good quality Content blocker, a high proportion of otherwise inescapable risk when using your Safari browser, or linking to external sources from email, is effectively mitigated before it even reaches you. 1Blocker has also recently introduced its new “Firewall” functions - that are explicitly designed to block “trackers”. Being implemented at the network-layer, this additional protection works across all Apps.
There are additional protections that can enhance protection further, such as using one of the better security focussed DNS Services in preference to automatic DNS settings. This can either be set on a per-device basis in Settings, or can be set-up on your home Router. I recommend using one of the following services, for which IPv4 ad IPv6 server address are included here:
Quad9 (recommended)
9.9.9.9
149.112.112.112
2620:fe::fe
2620:fe::9
OpenDNS
208.67.222.222
208.67.220.220
2620:0:ccc::2
2620:0:ccd::2
Cloudflare+APNIC
1.1.1.1
1.0.0.1
2606:4700:4700::1111
2606:4700:4700::1001
Use of the above DNS services will help to shield you from “known bad” websites and URLs - and when used alongside 1Blocker, provides defense in depth.
I hope this reassurance and guidance proves to be helpful in resolving any issues with suspect malware and malicious websites.
Unless you jailbroke your iPad, you do not have viruses or spyware. Your device wasn't hacked either. An account on your device or your Apple ID may have been compromised, but not hacked. What makes you think that you have all of this going wrong with your device?
A restore to factory will wipe the iPad and bring it back to factory with the latest iPadOS it will run. From there, you can add content again, however if you believe an account has been compromised, change your passwords and do not use a backup of the iPad to restore it. Here are the instructions for a restore to factory. Restore your iPhone, iPad, or iPod to factory settings - Apple Support
Got email claiming access to camera and contact list. Family member said they heard voices while downloading a movie. Activities alluded to may have occurred. Concerned we are being spied on and some awkward situations taped and available for transmission. Worried…thanks for help.
Got an email claiming access to camera and contact list. Family member said they the they heard noises and voices coming from iPad while downloading a movie. Alarmed we are being spied on.
Factory Reset - Next Steps