My iPhone 13 Pro Max is being hacked

To the OP: Sorry OP means the original poster. It’s not unusual that you are unfamiliar with SSH or anything else mentioned.

Those things all do sound like they warrant further investigation. It can be really tricky to locate something improper on a device and know for certain that it shouldn’t be there and many people struggle with finding problems and do whatever it is that needs to get done to fix them.

If I were you I’d take your phone to the Genius Bar and talk to them about your concerns. Obviously if they try to dismiss them as impossible just ignore them and don’t let it upset you. Instead focus on the specific things you mentioned here how your security checkup says “unable to gather information.” That’s not normal but it’s not conclusive of anything either way.

Tell them you’re concerned about your Wi-Fi settings bc it describes them as “managed”. btw do you live in a community where Wi-Fi is provided to a large area or comes from more than a single Wi-Fi router that you have somewhere in your home? That could explain the term managed but still it’s good to be on the lookout for that type of thing.

For your audio and camera being used are you also seeing a red green or orange dot appearing in the corner of your phone or do you you find the camera app open or something? Your iPhone may be set to revert to last used settings when you reopen the camera app so you may want to turn that setting off to see if that stop the filters from behaving unusually. If not I’d have the camera looked at.

There are dozens of other things that you could do to investigate this but in general you should always calmly approach such problems and start from the most common and easy to fix possibility like simply adjusting a setting before trying to ascertain the much more difficult question of if your phone has been accessed without your permission. I say difficult because when that does occur whoever did it probably has some interest in not getting caught so evidence may be deleted or hidden from you anyway. Either way just because you can’t prove it doesn’t mean it didn’t happen.

If you are really concerned that your phone has been subject to some sort of unauthorized access you can always back up your data then perform a factory reset of your phone.

Goodoooo-

If you really want to rule out the possibility of hacking, you can make a full backup of your data, then factory reset your device without migrating from the backup. This will remove any possible malware (though research has indicated that Pegasus may be able to survive resetting on Android devices). Use the phone for a bit without migrating, and see if the issues persist. If they do, it's a hardware issue and your device should be checked for fault. If the device is fine, then continues to be fine after migrating your data, it could have been a temporary problem. If it's fine before migrating, then continues after migrating, that would certainly advance the case for a malware infection.

How to back up your iPhone, iPad, and iPod touch - Apple Support

Erase iPhone - Apple Support

Unless you jailbroke your phone it has not been hacked. For all practical purposes iPhones that are up to date with iOS updates cannot be hacked. But as you have iOS 16 go to Settings/Privacy & Security, scroll to near the bottom and run Safety Check.

Lawrence Finch and KiltedTim are correct in that, for the most part, iPhones cannot be hacked. I'll try to explain exactly why- the most sophisticated and widely known iPhone hack is Pegasus, run by the Israeli spyware company NSO Group. However, deploying Pegasus takes:

• About $500,000 USD just to install it on the device
• About $650,000 USD to actually spy on just ten phones (more targets means the price increases)
• A "service fee" of about 17% of the total per year
• A massive server backend, generally installed in the country for the government (it self-destructs if it can't communicate for more than two months to erase evidence)
• A malicious link, wireless transceiver, physical access, or an outdated version of iMessage, Apple Music, or Photos to actually install the spyware

Additionally, NSO won't sell to individuals, only verified countries. The last, and most important part, is that Pegasus is completely undetectable. It's impossible to find any trace of it during normal use of your device. In fact, it was only discovered when an Arab human rights activist received a dubious text, which was forwarded to the University of Toronto. After discovering the exploit, Apple had a fix ready in ten days. Apple's security team now offers massive amounts of money for even small exploits, all the way up to a $2,000,000 bounty for exploits involving Lockdown Mode. You would have to be in a high-risk country, too- the only known NSO clients are Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Togo, and the United Arab Emirates.

Regarding the mysterious behavior, there are a few things you can check. It's possible your device is managed by a device management profile (MDM). Go to Settings  > General > VPN & Device Management. If you don’t see any profiles, then no device management profiles are installed on your device.

The photos look fine to me- it's likely the lighting, and the iPhone 13's permanent HDR smoothing effect. The Google Captcha page is a result of having Lockdown Mode enabled- Apple warns that normal functions may not be available.

You can also check to see where you're signed in - Check your Apple ID device list to see where you're signed in - Apple Support

To keep it simple NO ONE can ever access an iPhone remotely, with or without permission. About the only vulnerability is your Apple ID account, and if you have 2 factor authentication enabled for it and a strong password that can’t happen either, unless you fall for a phishing message and give some criminal the “keys to the kingdom”.

Here’s more information on phishing→Avoid phishing emails, fake ‘virus‘ alerts, phony support calls, and other scams

To reassure yourself, go to Settings/Privacy & Security/Safety Check (iOS 16 only)

I had similar issues. I’m sorry that you are experiencing this. An advisor from Apple Support had helped me with my issues. We ended up as the very last option just completely wiped my iPhone clean through iTunes. Then I had to set up a brand new iCloud account with a new Apple ID etc. I have all my apps except the ones I had purchased through my old account. I wrote all of them down and my passwords, contacts, everything important before the wipe so I would have them for my new account. This was my very, very, last resort, after trying every possibility that we could think of to fix my issues. I know it’s not something that anyone wants to do, but I just wanted to help since I know what you are have been going through.

Best of Luck!

Can you be hacked? Technically, yes. Are you worth the time, effort, and expense to hack? No. I can pretty much guarantee that you're not. Neither is the OP. Odds are, no one who's likely to post here about being 'hacked' is worth the (quite literally) millions of dollars worth of tools that are required to do so.

It's safe to say that 99.99% of all the posts here claiming that their phones have been hacked (not to mention computers, thermostats, TVs, etc. in many of these posts) are the result of a lack of understanding, ignorance of how computers and phones function, and pure paranoia.

For all practical purposes, An iPhone that has not been jailbroken or similarly tampered with can not be "hacked". If you're high enough on some repressive government's hit list, sure... they could target you. And Apple now has tools to combat that. But your ex's cousin who is a "developer" can't do it.

Your online accounts... That's a different story. In every case here where someone claims to have been "hacked" that can actually be traced to some malicious action, it is always an unsecured/poorly secured online account and/or someone who fell for a phishing scam and effectively willingly gave a bad actor the credentials for one or more of their accounts.

Yes, Apple addresses issues with every update. That’s because cybersecurity is an arms race, not a wall that you build once and it keeps the Visigoths out forever. So every time a vulnerability appears Apple fixes it quickly. Most of them are not even in the “wild”; they are found by cybersecurity researchers who actively look for them - because Apple pays huge bounties for any verified reports. One such researcher was paid $250,000 earlier this year, and the total Apple has paid just this year is over $1 million. If you are up to date the chances of your phone being hacked are close to zero - unless you are a “target” of a repressive government. There are tools that can hack an iPhone; the starting price for such a tool is around $5 million. So if you are a dissident or journalist living in a repressive society, a political rival of a dictator, or a criminal mastermind you should be worried about your phone being hacked. But Apple even has something for this: it’s called Lockdown Mode. Read about it→About Lockdown Mode - Apple Support

The research in question was done by Amnesty International and Citizen Lab, two independent organizations that ran extensive tests on Pegasus. According to Citizen Lab, as of Spring 2019, a feature of Pegasus (described as "a chip-level attack") would cause Android devices to continue to be infected after a factory reset.

Citizen Lab currently believes that an infection with Pegasus spyware can survive a factory reset on some Android phones. However, based on our experience, we do not know the full range of devices for which this applies. Therefore, we recommend replacing your phone if you have been targeted by Pegasus spyware.

As for iPhone, a factory reset erases everything, then re-downloads iOS from Apple's servers. It's why you need an Internet connection to factory reset (or a computer with the same).

There is nothing there that looks like a hack. There are roughly 2 billion iPhones in use. You are saying that out of those 2 billion yours is the only one that has been hacked? I seriously doubt that. Your photos are the result of unusual lighting, aggravated by Apple’s photo software’s attempts to fix it. The “google” page looks like a lame phishing attempt, or it could be that your Wi-Fi router has been hacked and linked in to a botnet, but that has nothing to do with your iPhone.

LatriciaP wrote:

Kindly cite the source of your claim that "iPhones cannot be hacked." I mean something authoritative like a technical document from Apple, statements made by any person who actually has verifiable experience successfully identifying security vunerabilities, info from any government entity, etc. I don't mean "my friend told me" no matter if he's used a computer for decades or is very smart.

My exact words were "for the most part, iPhones cannot be hacked". This is a true statement, assuming your device is up to date and reasonably secured. Pegasus, obviously, proves that iPhones can be hacked, just not easily. My post was not intended to rule out every possibility- it's simply to illustrate the unlikeliness of a hacked iPhone. As for the security aspects, Apple provides over 250 pages of platform security documentation, which can be found here - Apple Platform Security - Apple Support

As for iPhones not being 'hackable'- it's true. Pegasus (and other spywares) work by jailbreaking the device, allowing root access.

the type of specifics you've mentioned about that vendor sound like the sort of thing that wouldn't be made public. To be honest it makes me wonder what the source of that info is. Regardless it just doesn't translate into evidence to support your conclusions. The cost of their software isn't relevant to the fact that vulnerabilities do exist or that they have actively been exploited and the pieces of information mentioned could never be cobbled together to determine how likely anything is to occur.

NSO Group isn't shy about their software- they have their own website here. As for the other info, it's been reported by numerous media outlets including CNN, Washington Post, etc. If you trust Wikipedia (which is a lot more reliable now), all the points are summarized here. While I agree that the software cost doesn't directly relate to the presence of active vulnerabilities, it does contribute to my main point that his device is almost certainly not hacked. As NSO only sells to governments (billed as "counter-terrorism"), the government is highly unlikely to drop millions on a cyberattack unless they deem it absolutely crucial.

I did include various possibilities for the odd behavior- though I must say that certain aspects of the issue are puzzling, especially the Safety Check issue. However, many of the issues don't seem related to hacking (the entire point of a spyware is that it's undetectable).

About Lockdown Mode - Apple Support

iPhone has a feature called Secure Enclave that verifies the authenticity of the software before running it. According to Apple:

Subcomponents like the T2 Chip and the Secure Enclave also perform their own secure boot to help ensure they only boot known-good code from Apple. The update system is designed to prevent downgrade attacks, so that devices can’t be rolled back to an older version of the operating system (which an attacker knows how to compromise) as a method of stealing user data. (bold added)

Apple also has an article discussing the integrated SoC in iPhone. Because Apple (unlike Android) makes the phone that runs their software, they are able to make every feature mesh as efficiently as possible. Regardless, my posts (and the posts of others, too) have not been to completely eliminate the possibility of an iPhone being hacked. They have simply been to illustrate the improbability of it happening, especially to someone who is not a person of interest by an oppressive or controlling government.

Wait are you being serious? I'm actually confused, do you not know about this stuff or are just kidding or something?

Just in case... there's so much evidence from so many reliable sources but the info below is from Apple. There are even more authoritative and technical sources than this too...

"iOS 15.6.1 and iPadOS 15.6.1

Released August 17, 2022

Kernel

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2022-32894: an anonymous researcher

WebKit

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: An out-of-bounds write issue was addressed with improved bounds checking.

WebKit Bugzilla: 243557

CVE-2022-32893: an anonymous researcher"

About the security content of iOS 15.6.1 and iPadOS 15.6.1 - Apple Support

It indicates that these were actively being exploited. These are not isolated instances either.

iOS 16.1 was released today. Here are the specific exploits (19 of them) that were addressed with that update: About the security content of iOS 16.1 and iPadOS 16 - Apple Support

Here's an actual citation too:

Hern, Alex. “Apple Security Flaw ‘Actively Exploited’ by Hackers to Fully Control Devices.” The Guardian, August 18, 2022.

CVE-2022-32893 Detail

Literally me too man. Disable ALL apple apps by deleting them turn on screen time content block and block everything. It’s the only thing that helped me. Oh and disable ALL iCloud services literally all. They download the hacked through iCloud. Mine was in Notes, reminders, health, watch and calendar. But since I disabled and deleted all apps it’s worked fine. Just back everything up with Google or find an app that you feel secure.

[Edited by Moderator]