
HELP: I think my iPad was hacked overnight ??

hey everybody


i went on vacation to my father's beach house and brought my ipad, i am very very careful about all personal information and security...


he has a comcast connection and had a secure WEP password, it was a comcast three in one, phone, tv and internet router


anyways last night, i put the ipad into sleep mode at 1am (which i do all the time at home, never had a problem), locked the doors to the house and went to bed with the ipad in the night stand drawer next to my bed. only my wife and i were in the house...all week.


i wake up this morning and turn on my 64gb/3G 1st gen ipad (running 4.3) at 11am. i entered my 4 DIGIT PASSCODE to unlock the ipad and i click the safari app in the dock and 9 pages of history automatically opened up to sites i had never been to. so then i checked safari history and there were about 150 web pages visited, most notable, amazon.com


so freaking out, i check my email and sadly someone had ordered around $8,373.00 through my amazon.com account... they ordered android tablets, macbook pros, videos, cameras, kindles, etc. with everything shipped to my home address. the confirmation emails started coming from amazon at 8:15am-10:45am, just before i checked the iPad at 11am.


how could this happen? has anyone had an experience like this? or know what i am talking about?


i then drove immediately to my cousins house 2 miles away and changed all my passwords to EVERYTHING on my cousins hard-wired laptop NOT my ipad that was compromised....i also notified all 3 credit bureaus and put a fraud alert on my wifes and my social security numbers .... that they would have to call me before opening new credit cards, etc.


i then called the police and had them come out and note the incident, i changed all banking passwords, canceled my credit cards, revoked all bunk amazon charges and changed my password to my ebay, paypal, facebook, etc...


******** here's the kicker... Apple iPad Applecare rep said it had to be a close job ... someone had to get within 50-100 feet of comcast router and do it from there...


********SO RIGHT AS MY WIFE AND I LEAVE --- this kid walks down our barren vacation road, with a PC laptop OPEN in his hands, looking at it ....i asked what he was doing and he said going to his grandparents to use the internet, i said why is your laptop open, if you are just carrying it ??? and did he know that my router was broken into and my accounts hacked?? he looked young.


he acted so suspicious, so i called the police on him, he was walking around the neighborhood with the laptop open going up to houses and in back of them..... the police said his parents claimed he was going to his grandparents to use the internet, he was a minor... this is SOOO SUSPICIOUS!!!!


could he have hacked my ipad this morning??? from walking up to houses?? i mean 9 ipad windows were open...my passcode was bypassed and $8300 was ordered from my amazon.com account.


i left vacation and drove 2 hours home immediately after, i stopped by the genius bar at the Apple Store tonight and they ran diagnostics and looked at me like i was crazy... they had never heard of what i said before .....


they said i had really "low memory" cause there were a ton of Apps running... but when the genius double clicked my home tab, only weather.com, safari and mail were open. why was this??? were there Apps running in the background? could someone put a hidden App on my ipad?? my ipad is not jailbroken... could i test it somehow to see if it was??


I REALLY NEED YOUR HELP!! Apple Genius and Apple ipad Support and Care tossed me out like a wet towel.. said i could do whatever and that the Comcast network was probably compromised ... Comcast in turn is blaming Apple, that i probably downloaded an unsafe App months ago that had a keylogger on it and they waited 6 months to nail all my accounts...


what should i do? is there anything you can think of??? i have not connected the iPad to my 3G network from AT&T nor my home WIFI... i also deleted about 30 apps i don't use in case they had a keylogger, but i didnt think ipad had a keylogger unless it was jailbroken, mine is not.


or do you think my ipad was keylogged??? what apps could do this?? i got rid of Skype, Spotify, cause it sent me a security / virus email.... im so upset and dont know where to begin, any help would be MUCH MUCH appreciated and good karma comes back 10X fold... any ideas or anything would help.


i have to go to bed after this tragic long 13 hour miserable day ....


thanks for your help, smitt

Posted on Aug 11, 2011 10:33 PM

63 replies

Aug 12, 2011 1:52 PM in response to Smittayzone

It would have had to jailbreak your iPad and then take it over. If it did your iPad is still jailbroken:


http://www.macobserver.com/tmo/article/apple_patches_iphone_pdf_security_flaw_with_ios_4.3.3_update/


The current version is 4.3.5, the last update fixed another security problem with web certificates. Yes, you can update it. If you get an error 1015 while doing so you will know that your iPad was jailbroken.

Aug 12, 2011 1:55 PM in response to Smittayzone

yes, 4.3.3 is vulnerable to PDF exploit, if thats the way trojan got on your iPad

installing latest 4.3.5 update might not help but only prevent from future infections.


PDF exploit works with either Safari, Mail, Ibooks, and any other app which launches PDF viewer.



You need to do full factory restore, without restoring your previous backup and installing every app one by one.


But it will also remove the tracks of the trojan, if you want to investigate it you need to get lazy *** Apple employee to believe you and analyze what you currently have on it installed.

Aug 12, 2011 2:56 PM in response to Apfelwurm

so in essence, couldnt i have opened a malicious PDF by mistake on my iPad and then had jailbreakme installed via the malicious PDF and given access and control of my 4.3.3 version iPad to whoever hacked my vacation house's modem/router? ... letting them order stuff from amazon, if it was in my history?


how do i fix this?? just install 4.3.5??


pls help as i need to do this tonight, thanks smitt 🙂

Aug 12, 2011 3:00 PM in response to Smittayzone

Just connect your iPad to your computer, wait for iTunes to start, click on the name of your iPad, move right to the summary page and click on Update.


If the Amazon rep told you that (I've never found a phone number that easily for them) they were dead wrong. When you click on 1-click (trademark Amazon, Inc. and all that legal ********), it will pop open a dialog box with your userID, if you are using cookies and you've used the iPad to buy before, or a blank and you enter your userID. In either event the password field will be blank and you will have to enter the password.

Aug 12, 2011 3:03 PM in response to Smittayzone

i dont think your wifi was hacked at all. even though its good idea to change from WEP to WPA2.

Jailbreakme might never have been installed, just same method of PDF vulnerability was used to install some trojan program.


If you dont want to investigate it , upgrade to 4.3.5 and dont restore your saved backup when it prompts you after.

You would have Ipad looking as you just bought it, after that just drag and drop your apps to your iPad in Itunes.

Aug 12, 2011 3:15 PM in response to deggie

deggie,


Investigate means, thats something Apple technicians need to look into, cause it started happening to people recently and they might want to know what exactly on the ipad, analyze running processes, etc.


PDF vulnerability can be used not only to install jailbreakme, but to execute any code payload as suid 0 (admin user) - it can take legit apple internal program and replace it with something which has hidden features, if you are really interested in it, i can explain it in details (for educational purposes), but i dont want to do that in Apple forums

Aug 12, 2011 4:19 PM in response to IdrisSeabright

thank you everybody for your help, i almost think i know what is going on here


so when i drive to work tonight, plug in the ipad (should i do a security update on my iMac first if it has one?)


so connect ipad, go right to summary tab, hit update and it will download and update to 4.3.5 from 4.3.3 ???


if the ipad is jailbroken... will the update not work??


if the update works, someone posted i should not restore my saved backup when it prompts me to after the update... is this "backup" the one it makes immediately when i plug in the ipad, before the update??


i have older backups i found on my work computer (yes i am paranoid and found out where they are stored) and put them on little USB drives.... could i restore from one of those, if i drop it on the ipad backup folder?? before this started??? but then again, maybe this started before last week...


help guys, almost there 🙂 smitt


have to drive to my office to try this, pls post away as i am leaving right now , on what to do, thank you all so much 🙂
