Ipad Hacked - I watched somebody go into my contacts and browse around

There is no known way of remotely controlling the screen on an iPad that has not been jailbroken. Dirty or defective screens have been known to make this happen, which can look very deliberate sometimes.

Regarding the router, note that the encryption you're using on your network doesn't mean anything if you've got your router set to allow remote administration. This would allow anyone who brute-force cracks your password over the internet to change your router settings. Make sure to turn off remote administration in your router.

I think apple needs to be made aware that this is happening.

Why?

I'm not sure why what I keep repeating over and over here isn't sinking in. You haven't been hacked, and your problem is certainly not related to Subway Surfer or the Kindle app.

1) Clean your screen

2) Press and hold both the home button and the sleep/wake button for about 10 seconds, until the screen turns off. Ignore the slider that will appear. Release the buttons, then press and hold the sleep/wake button until the Apple logo appears. This is the equivalent of a reboot, and should not affect your data or apps.

3) Restore your iPad to factory condition.

4) If all else fails, get the hardware checked by Apple.

Thomas,

Evidently WJBurr's post containing the link was deleted, but the article offered very little in way of evidence of the possibility of this, and at least in my opinion was spurious at best for a number of reasons:

1. It basically described a discussion given by someone from MCaffee at a conference (strike one - I have no faith in the validity of any statements on iOS security coming from them).
2. The article (again, not posted by Mcaffee, but a second hand account, but does include a link to MCafee's white paper) is over a year and a half old. But we have heard nothing of this anywhere else?
3. It is obviously describing a much older version of iOS. If this vulnerability ever existed, it has more than likely long since been patched.

Message was edited by: James Ward4

Thomas,

I haven't jailbroken my iPad and it has been factory reset and checked by Apple Store in the UK.

I have changed default passwords for SKY's router and my MBP and iPad, but still the problem occurs i have video'ed the actuall "remote" connection showing how the ipad's keyboard pops up and starts typing as experienced the same by Alexandr previously.

I have checked and remote management of the router is not enabled.

Do you know if any Mac Software that can navigate around on the iPad (e.g. similar to PC Anywhere or remote Desktop) when connected via the USB cable ?

Don't use an alcohol wipe on the screen. It's not just a piece of glass. You just need a slightly damp cloth. If you use chemicals, including alcohol, you can damage the oleophobic coating on the screen. See:

http://support.apple.com/kb/ht3226

As for debug tools... I would have to ask if you are an iOS developer. If not, I would guess that you don't have the experience or knowledge necessary to interpret any logs you might locate. It is often the case that people suspicious of malware look to logs as a "magic bullet" to identify the malware, and they end up getting themselves in trouble because they don't have the knowledge to understand what they're looking at. It's very easy for the inexperienced to find "evidence" of malware in a log file. Don't go there unless you already have that knowledge... though, of course, if you did, I wouldn't imagine you'd need to ask about a debug tool.

I'm not sure what you're looking at. Looking at WJBurr's profile, he has only posted on this topic. Searching for his username on all the pages of this topic only turns up the following post:

Re: Ipad Hacked - I watched somebody go into my contacts and browse around

That post does not contain any kind of link to - or even reference to - a specific article.

So, I can't comment on that article, because I haven't seen it. However, I will say that when it comes to security issues with Apple devices, I don't have a lot of respect for McAfee. They just don't seem to get it most of the time. I tested McAfee against 188 Mac malware samples earlier this month, and it only detected 99 of them. 😐

Why are posts deleted unless it's from somebody off the topic?

Posts will get deleted for a variety of reasons... rudeness or rants, speculation about future Apple products, discussion of Apple policies, etc. See the Apple Support Communities Terms of Use for information about what is prohibited.

One thing that is most definitely not allowed, but is not specifically mentioned in the terms, is any discussion of jailbreaking (beyond saying something like "don't jailbreak, it's bad!"). Any post that seems to be advocating for or giving instructions for jailbreaking is promptly removed.

If you ever feel like a post has been removed in error, you can appeal that decision in the Using Apple Support Communities forum.

Thanks for re-posting that. I notice that the vulnerability in question was patched almost a year before that article was posted by SecurityWeek:

http://lists.apple.com/archives/security-announce/2011//Jul/msg00005.html

I also notice it was patched months before McAfee presented any findings. This vulnerability was discovered by security researchers, who revealed it to Apple. As far as I am aware, it was never exploited in the wild.

Now, as to your statement about an "almighty Apple and they can do no wrong attitude," clearly you have not understood the point being made here. There is a very significant difference between saying that it is impossible for such a hack to exist and saying that there are no currently known remote access hacks.

If you wish to speculate on a theoretical targeted attack going on right now that all these folks are suffering from, but somehow nobody has heard of, then I can't stop you. I can't even say that that is impossible, though it is extremely unlikely. However, that claim does a serious disservice to folks who need a solution, not a source of unfounded fear.

I just got off the phone with Apple support - I even pointed them to this thread.

After going through a CS Rep, a Tech, and a Senior Tech, Here's the answer from Apple:

1. There really isn't a way to access an iPad remotely.
2. But I should go ahead and wipe my iPad just in case.
3. I should really be more cautious about the apps I install from the App Store.

When she told me to be careful about the app store, I pushed back with some questions.

1. Me: "Aren't all Apps reviewed before they are allowed in the app store?"
2. Senior Tech: "It's like a grocery store, they may have a bad product that needs to be recalled, like chicken with salmonella, but they are just the store and they can't tell that right away."
3. Me: "Doesn't Apple review the Source Code of the apps that are submitted?"
4. Senior Tech: "Yes, but we don't know exactly how they work" *repeats grocery store comparison*.

I don't even have a specific app to be suspicious of, because it happened as soon as I turned on my iPad.

I don't use Bluetooth, and I highly doubt that it happened over Wi-Fi.

Have you made these adjustments:

> Change the default wirless network name from default (ex. Linksys476) to "BillyBobsFleaCircus"

> Change the password from easily guessed (JaneandBill123) to something like "x$8_3arY&"

People know hacks into certain makers of routers (my first suggestion).

People guess network names from names on mailboxes, so use randon and unguessable network names (my first suggestion)

People think their simple passwords cannot be guessed from names of their dogs or children (my second suggestion)

Amazing how many network installers do *not* tell people the safe methods.

Change your admin password to something as complex (although you sound like you did already).

You should change those passwords once a month, and write them in a log you store in a known place like a closet shelf in your room.

Some routers allow "guest passes" that you can tuen on or off at will so your primary password is not told to the world and still your kids' friends can access it. Call Cox for details about that.

Alekandr,

I have had the exactly the same experience as you mentioned with my iPad 1st Gen. I too have had the password changed on Router/Mac, and use strong encyption. I also took to the apple shop but they couldn't help as the issue didn't happen whilst at the shop?. I am asking my broadband supplier in the UK (SKY) to look at the issue too.

Did you ever discover what the issue was?. i have virus checked using Sophos and also Little Snitch and no issues have been found.

Sergio