Ipad Hacked - I watched somebody go into my contacts and browse around

I just got off the phone with Apple support - I even pointed them to this thread.

After going through a CS Rep, a Tech, and a Senior Tech, Here's the answer from Apple:

1. There really isn't a way to access an iPad remotely.
2. But I should go ahead and wipe my iPad just in case.
3. I should really be more cautious about the apps I install from the App Store.

When she told me to be careful about the app store, I pushed back with some questions.

1. Me: "Aren't all Apps reviewed before they are allowed in the app store?"
2. Senior Tech: "It's like a grocery store, they may have a bad product that needs to be recalled, like chicken with salmonella, but they are just the store and they can't tell that right away."
3. Me: "Doesn't Apple review the Source Code of the apps that are submitted?"
4. Senior Tech: "Yes, but we don't know exactly how they work" *repeats grocery store comparison*.

I don't even have a specific app to be suspicious of, because it happened as soon as I turned on my iPad.

I don't use Bluetooth, and I highly doubt that it happened over Wi-Fi.

I believe that Apple uses software that can analyze the code and identify potentially dangerous or unwanted behaviors. That's the only way that they could possibly screen so many apps. That catches most stuff, but obviously it's not possible to entirely prevent bad apps from entering the App Store.

However, the security features of iOS mean that there are some serious limitations on what a bad app would be able to do. There's no way that a bad app from the App Store, on an iPad that is not jailbroken, could remotely control the iPad. That's simply not something that an app has privileges to do. Apps are only allowed to do certain things within a very carefully controlled sandbox.

Now, if someone malicious and very tech-savvy has had access to the iPad, it's conceivable that they could have installed something malicious. With physical access, much is possible. The iPad could have been jailbroken and the evidence of that jailbreaking removed, for example. However, it's very unlikely that anyone who had the know-how to do this would spoil the effort with such a flamboyant display of hacking as remote controlling your iPad. (Assuming there's even software for jailbroken iPads that would do that.)

In all, it's far more likely that this is something like a dirty screen, damaged hardware or system glitch.

Is there away to mark this post/thread urgent!!!!

I have the same problem! My ipad has not been jailbroken either. I've noticed it happening on several occassions. It appears as if someone has remotely taken control over my ipad. They're able to open and close apps, click links, open emails. I first thought that it was a bluetooth problem, but I turned off bluetooth and disconected all of my blue tooth devices. I've also seen this occur on other wifi networks/routers besides my own. It's extremely disturbing. I think apple needs to be made aware that this is happening. I first noticed the problem while I was reading and using the Kindle app. But it's funny you should mentioned Subway Surfer because my kids use that app all of the time and I recall the problem occuring with that app opened. What should I do? I need my ipad but I'm affraid to use it now. I ony hope that whoever is controling my ipad has not been able to hack into other sensitive accounts. Common apple, you guys need to look into this.

I think apple needs to be made aware that this is happening.

Why?

I'm not sure why what I keep repeating over and over here isn't sinking in. You haven't been hacked, and your problem is certainly not related to Subway Surfer or the Kindle app.

1) Clean your screen

2) Press and hold both the home button and the sleep/wake button for about 10 seconds, until the screen turns off. Ignore the slider that will appear. Release the buttons, then press and hold the sleep/wake button until the Apple logo appears. This is the equivalent of a reboot, and should not affect your data or apps.

3) Restore your iPad to factory condition.

4) If all else fails, get the hardware checked by Apple.

So I ask.. 1) When people day "Dirty Screen".. What does that mean? Do you mean an actual dirty screen?

Yes. A dirty screen can cause all manner of spurious input from the touch screen. I've personally seen it happen myself... not with an iPad, but with another brand of tablet that a little kid was using. The thing was filthy, and after it was wiped off, it worked fine.

4) Check my hardware by Apple.. Do you think that hardware could have a bug in it where it looks like the machine is doing things a human would do?

Absolutely. You'd be surprised how often people ascribe a purpose to completely random actions. I've seen it many times, where a random issue caused by a dirty screen or a bad mouse (in the case of a computer) was blamed on a hacker.

1) Okay, I admit it, My screen is "dirty". You can see everywhere I have poked my finger and the places where I swipe to unlock/power off. I should use one of those alcohol wipes. And this should top my priority list. *wink*

4) I'll raise you one. I would love to be able to look at my own operating system logs. I would at least like peek at a copy of what comes out when they make you go through iOS Diagnostics. But, I did buy an Apple product, and I mostly bought into their model. If there is a debug tool for iOS, made by Apple or otherwise, would someone post it?

Don't use an alcohol wipe on the screen. It's not just a piece of glass. You just need a slightly damp cloth. If you use chemicals, including alcohol, you can damage the oleophobic coating on the screen. See:

http://support.apple.com/kb/ht3226

As for debug tools... I would have to ask if you are an iOS developer. If not, I would guess that you don't have the experience or knowledge necessary to interpret any logs you might locate. It is often the case that people suspicious of malware look to logs as a "magic bullet" to identify the malware, and they end up getting themselves in trouble because they don't have the knowledge to understand what they're looking at. It's very easy for the inexperienced to find "evidence" of malware in a log file. Don't go there unless you already have that knowledge... though, of course, if you did, I wouldn't imagine you'd need to ask about a debug tool.

Thank you for the cleaning advice - I should just get out the microfiber eyeglass cloth.

Debug Tools: Not a coder, but an IT college student who can handle looking through a log. If anything, I would look for a connection, inbound or outbound, from an app that I know was not running in the background, or some type of non-Apple process that shouldn't have been running around the time of the incident.

Just read this post, my guess is, ...... the Cable guy who set up the password may be the hacker, since he is the one who set it up??? or possibly anyone else who came to your house and wirelessly connected to your router with your permission and saved the password? wow unbelievable!

anytime an At&T guy comes out to work on our internet, I immediately change the password for our router and sign in

Jailbreaking allows you to install apps that aren't available in the App Store. It works by removing all the security features of iOS, and as such, it's a very bad idea to do this. The only malware available for iOS only infects jailbroken devices, since they're the ones with no security. Not to mention, jailbreaking voids your warranty!

There are some ways to install apps from outside the App Store without jailbreaking, but those are equally unreliable and dangerous. And both this and jailbreaking require someone with physical access to the device to do the hacking... there's no known way of doing that remotely.

Unlocking a phone so it can be used on a different carrier is another thing entirely. There are hack sites that show you how to do this, but those hacks are unreliable, may brick your phone and are likely to fail after iOS updates. Doing this is a very bad idea. Only the phone's current carrier can unlock it "for real."

Thomas,

Earlier in this thread WJBurr posted a link to an interesting article. It describes a method whereby this type of compromise could be performed. It states that the hack could be accomplished through a "rogue" WiFi access point, and that the target iPad could be silently jail broken remotely, without physical access.

I would post the link here again, but every time I do, my post gets deleted. You'll need to go back to WJBurr's post to find it.

Your statements seem to be at odds with the information in this article. What do you think about its validity? The information was presented by McAfee, who I would consider to be a reliable source.