Been hacked. The notice comes from errolandtessa. What do I do?
I clicked on a photo of a qr code I scanned for instructions to use products on my new iphone. The message came up immediately, tells me all operations are being tracked. Below is a familiar white strip saying to open the link in the app store, which I've not done.
Now what?
[Re-Titled by Moderator]
iPhone 14, iOS 17
Restart your phone. As long as you have not jailbroken your phone, it cannot be hacked. There is no iPhone message from Apple that will come up saying all of your operations are being tracked and it would make no sense for a hacker to announce that they are tracking you unless they want money or personal account information from you. If the QR code opened up a website, you can just navigate to a different site.
As long as you did not give them your Apple ID/Password, there is nothing else you need to do.
shelbiladwig wrote:
What can u do if ur iPhone has been hacked
What are you seeing that makes you think your phone has been hacked? It's very unlikely that your phone has been hacked. However, that doesn't mean you aren't having a problem. If you explain what those problems are, people might be able to help you resolve that.
All these posts about "hacked" iPhones. Firstly why would anyone want to "hack" your phone??? What would they gain?
Unfortunately what you neglect to consider in your accurate, rational and considered response is the irrational factor: those jilted lovers or even the psychiatrically unwell who want to coercivally control and stalk other people. And while these folks might not be expert hackers or whatever, they often are quite good at wrangling passwords out of their victims. So it's not money or state secrets that are in question but the safety of people at risk from more mundane - and far more common - abuses.
So yes, their phones are not hacked. But their passwords might be compromised and people who do not wish them well may be stalking them with who knows what in mind. That's far more dangerous than accessing cat photos and Bob's phone number. Important to bear that in mind.
Troubletaker88 wrote:
I beg to differ I am on my eight iPhone, three brand new 13s and five iPhone 15 Pro maxes three ultra watch twos and 26 iCloud accounts as well as 14 phone numbers since March 13 24 and it is now September 20 of 24 and I assure you I have reset re-send hundreds of passcode passwords into Apple every week to do a factory reset averaging 8 to 10 hours a day fighting my phone oh and two androids all hacked by my soon to be ex-husband! It is absolutely possible for an iPhone to be hacks
After even two or three iterations of replacement devices and of multiple new Apple Accounts, I would have thought the futility of that approach would have become clear. Twenty-six is an investment in time and effort, too. And would have become particularly expensive.
You’re either an immensely valuable target for folks with access to espionage tooling or such, or there’s something else going on. Whether that other option might involve password compromises from video or other techniques, or control of password reset paths, or otherwise?
I would have also thought that repeating requests for assistance (and inevitably getting similar or the same suggestions as replies) would have been clearly become problematic, too. You’re just not going to get new or different suggestions here, not after having gone through compromises to twenty-six Apple Accounts.
You’re likely going to need direct and local assistance with your security (or with whatever else is happening here if not a breach), assistance from those familiar with these sorts of cases in your area, with other providers for other potential non-IT-related issues, and potentially also legal advice given the unauthorized alleged access here may be considered a crime in various legal jurisdictions.
Some potentially-useful abuse- and stalking-related resources:
But getting new or different security suggestions around here? Or advice about non-IT issues that can arise with some of these reports? Not so likely.
RedTiff wrote:
So you are confirming that it can be hacked and you had to take it to an Apple Store to get this resolved?
That sequence of postings includes, unfortunately, little about what happened with the device, what happened at Apple and what (if anything) was found or resolved, and what then happened that led to a return visit.
I do not expect the posting in these “hacked” threads will detect and post any forensic evidence indicating compromises, however. I’ve looked at many posted images containing mundane and benign log chatter misunderstood, as have others. Adversaries prefer to avoid exposing their exceedingly expensive exploits widely too, less those vulnerabilities be identified and mitigated.
I an aware of (exceedingly few) people around the communities (or elsewhere) that have been targeted, and in the cases I’ve encountered, the motivation of an adversary had used for targeting was unfortunate but all too clear.
In another case, the issue found was utterly unrelated to the iPhone and to what had been reported. The hardware and firmware and software and passwords were all fine.
Can an iPhone be targeted? Yes. Exceedingly rarely, but possible. Is exploitation common? No. Not at all common.
If someone has repeated the same remediation dozens of times however, either the remediation is not working, or there is another issue or path yet determined and yet unresolved, or there is something else happening entirely. And little (none?) of that is feasibly researched or resolved around here in an anonymous forum, nor even can it be. Not without background and forensic access and other details, and the time and effort and access involved.
Complicating all of these discussions, it is difficult if not impossible to prove a negative; that a device is not compromised.
I have taken my managed/ hacked iphone to Apple many times since 2017. This includes a MacBook and iMac.
I'm curious about how/why this works?
Context: It seems to have cleared up a worrisome issue for us. I have a child studying overseas who used their banking app on public wifi (they knows not to do this but felt stuck, as esim data service wasn't working). When they go into banking app to initiate any kind of transaction, super sketchy pop up appears asking for debit PIN. Restarting seems to have cleared this up. But do I trust that this is fixed? We're doing sw updates, app updates, clearing cache etc, still.
I FINALLY have come across your reply and it actually looks like an educated reply. I have been having this issue for years with so many different phones. And I believe I know exactly who is doing this. But because I am not tech educated I’ve never known how to explain what I’m seeing on my phone. However, now I am not able to access most of my settings , I’m constantly having to use my Touch ID to access literally everything on my phone which I’ve never had to do before, when I try to do emergency reset it shows that it cannot there is a problem when gathering “sharing information” and it never does the emergency reset. When I factory reset the phone it literally comes back to the same wallpaper and everything so it’s obviously not resetting. It shows there is some kind of open source license Apache and MIT license on the phone and I’ve never downloaded anything like that, I constantly get emails that are not from who they say they are, websites look like the website it’s supposed to be but then I’m able to see that it’s a random url. I mean I’ve dealt with so much of this and I don’t know who to go to or what to do. Please advise if you can!
Never mind. Apache is mentioned in the license section, along with Adobe, a zillion dictionary copyright notices and dozens of others.
All completely meaningless of course as any idea, or even hint of malware.
patpofFallbrook wrote:
I have taken my managed/ hacked iphone to Apple many times since 2017. This includes a MacBook and iMac.
Correction: You've taken devices to Apple with problems that you thought were caused by hacking. The fact that Apple could resove the problem doesn't mean that the cause was hacking.
patpofFallbrook wrote:
I have taken my managed/ hacked iphone to Apple many times since 2017. This includes a MacBook and iMac.
Wow if you're getting hacked that often maybe you need to give up computing.
Presuming you had taken at least a bit of initiative to read this topic, you'd already know the answer.
Such as, does that look like a URL that would belong to Apple? Have you looked up AppleCare Plus Protection System to see if there really is such a thing?
I’ve been dealing with this craziness for 2 1/2 years now. Multiple devices. Countless hours dealing with apple. It will consume you if you let it. I’m sorry it totally sucks.. Just know other people are dealing with this. Don’t let them make you feel like your crazy.. Take care
All these posts about "hacked" iPhones. Firstly why would anyone want to "hack" your phone??? What would they gain? Banking apps are now so secure that you require a OTP to do anything.
Secondly if by some chance someone did manage to find a way to "hack" an iPhone why would they bother with you when they can report the security flaw directly to Apple and collect a bounty https://security.apple.com/bounty/categories/`?
That would make far more sense than having access to photos of your cat or your Uncle Bob's phone number
Hi Jim, I can tell you have a lot of expertise and am hoping you will see this message. I thoughtlessly charged my phone in someone's Uber this evening and fear I may have exposed myself to "Juice Jacking." It appears that quite a bit of data can be stolen, especially if your phone is unlocked while plugged in, which mine was.
If this was just a random Uber ride, I might not be so worried. But the guy convinced me to leave the Uber app (cancel the ride) and pay in Venmo. I see now how completely naive and stupid that was, so internet, please don't pile on me. (I was bringing my dog home from an emergency vet visit and very sleep deprived, and it was a long Uber, expensive, etc. and the guy offered me a better price. I know it was dumb.)
He then proceeded to be very chatty with me and long story short, he now knows my home address, what high school I went to, my father's age, how many siblings I have, my general line of work, and probably a few other things. So that, combined with the fact that I charged my phone in his car, I am very concerned now.
I have changed my Apple ID password and banking password, but is it possible he could be monitoring my phone from afar? Or have access to my 1Password app that's on my phone? What could he have stolen via Juice Jacking? Surely all my photos and videos.
Thank you Jim and folks on the inter webs. I appreciate your kind, nonjudgmental suggestions for next action steps.
ilearn.jr wrote:
Hi Jim, I can tell you have a lot of expertise and am hoping you will see this message. I thoughtlessly charged my phone in someone's Uber this evening and fear I may have exposed myself to "Juice Jacking." It appears that quite a bit of data can be stolen, especially if your phone is unlocked while plugged in, which mine was.
Did you read the complete FCC article? Especially this sentence?
Although "juice jacking" has been demonstrated to be technically possible as a proof of concept, the FCC is not aware of any confirmed instances of it occurring.
There is a lot of fearmongering around this sort of thing. Mostly because there are a lot of companies that want to sell you things to "protect" yourself and your data. What they really do is drain your wallet.
You had a friendly driver who is not getting adequately paid by a big company and was trying to make an extra few dollars. Sure, maybe he was being friendly to get you to agree to pay through Venmo but I suspect that was the worst of his crimes.
You may also want to be a bit more circumspect in your conversations with strangers. Avoid giving out names or ages. Tell that great story about your uncle taking a horse up to the third floor of the women's dorm and almost getting kicked out of college. Just don't give out your uncle's name or the name of the college.
My iPhone has been hacked, what to do?
