8 Replies Latest reply: Oct 14, 2013 1:03 PM by thomas_r.
volley99 Level 1 Level 1 (0 points)

I there anything I can do to make sure there are not virus or such on my iphone?

 

Every gmail account that I check on my iphone was targeted today.  All of my gmail accounts except one blocked the unauthorized user from opening my gmail account with the correct password.  Most of these gmail accounts I only check on my phone.  The one account that let the hacker in was the account with the 2 step verification process (I use the google authenticator on my phone and have a password specific to my phone).  They were all attacked at the same time from the russia /Ukraine area.  I first noticed this because my main account with the two step verification recieved 200 return emails (undeliverable) of spam.  I then check my sent folder and found lots of sent spam messages.  I believe they stopped sending messages since my account reached googles outgoing mail limit.  None of my account settings were changed.  I caught the problem 2 hours afer the attack. 

 

I had 2 other emails addresses on the phone that are checked but those didn't seem to be affected or I couldn't tell.  The one uses gmail but has a different ending after the @. 

 

I have since changed all the passwords on my accounts.  Changed my reset emails.   Deleted 2 step verification and removed all computeres hooked up but then added 2 step verification back with a new password for the iphone. 

 

Is there anything else I should do?  Can I scan my phone to make sure this does not happen tomorrow after the 24 hour restriction from google is up? 

 

 

There are two possible ways this happend that I can think of?  I opened a suspiscious email today 3-4 hours before the attack.  My kids were using the phone to play minecraft at the time. 


iPhone 4S, iOS 7.0.2
  • Johnathan Burger Level 6 Level 6 (15,615 points)

    There are no viruses for iOS.

    Your phone was not hacked, Google was.

  • volley99 Level 1 Level 1 (0 points)

    How?  I have 7 different accounts of mine that someone tried to access at the same time with the correct passwords (all different).  My personal account that was hacked had a 11 character password with caps, symbols, numbers, and letters. Along with the 2 step verification. The only place all that was store was on my iphone.  My husband and my other gmail accounts not kept on my iphone were not touched.

     

    If there is no virus they still must have been able to access my password information on my iphone.  I don't save passwords on my computer. 

  • thomas_r. Level 7 Level 7 (30,470 points)

    Go to your Mail settings for each of those accounts and look at the Advanced settings. Is SSL turned on? If not, any open wifi network that you have used could be the issue. Someone could have captured the packets your phone was sending, and without SSL, those packets would have been sent unencrypted, with your passwords in clear text.

     

    As Johnathan says, there is no malware for an iPhone, unless it has been jailbroken. (If you let your kids play games on it, you'd probably better check to see if they jailbroke it without your knowledge. If you find a Cydia app on the phone, it's jailbroken.) This is due to the security settings that prevent any executable files from running unless they have been downloaded from the App Store. Thus, opening an e-mail message is totally safe... even if it had a malware attachment, and even if that malware were written for iOS, it still wouldn't be allowed to open. Unless, of course, the security had been removed by jailbreaking.

     

    One last note: GMail provides hackers with the method of their dreams for leaving a backdoor on your account. Delegation allows them to add an account that is authorized to access your account, and if they do that, even changing your password won't lock them out. You need to check for such a backdoor. See:

     

    https://support.google.com/mail/answer/138350

  • volley99 Level 1 Level 1 (0 points)

    Thank you for your responses.  All of my accounts use SSL encryption.  I try not to sign on to open wifi networks and have turned off downloading data now from my cell network.  I had turned off my wifi but when it was turned on at 6:50 this morning on my home password protected network it looks like someone might have signed on from the US and from Belarus (unless that google is just showing me that Bellarus as recently signed onto my account yesturday).  I have changed my password several times.  I have now removed the 2 step verification just in case they recieved that new application password along with another password change.

     

    I checked the mail delegation info and there are no accounts set up for delegation that I can see. 

     

    How would I check for a cydia app.  I doubt my kids would know how to do that just yet.   I downloaded the new IOs recently and they are just figuring out what my settings app picture looks like. They don't even have access to download new apps since they don't know my apple password. 

  • thomas_r. Level 7 Level 7 (30,470 points)

    If you're on iOS 7, just go to the home screen, then tap in the middle of the screen somewhere and drag down. That will bring down the search bar, and you can search for Cydia. If you find it, that's concrete evidence that the device has been jailbroken. I'm not a jailbreaking expert, though, so I don't know what else to tell you to look for if you don't find Cydia (if, for example, it was deleted).

  • volley99 Level 1 Level 1 (0 points)

    Thanks.  I didn't not find Cydia and I really doubt my kids jailbroke it. 

     

    I did find a better way to check who is accessing my gmail section of my account (bottom of the inbox page when accessing from the web)  and I have not had any unknown access in the time frame listed (from 1am till now).  I don't know if gmail access would be different than google account access.  I guess I just get to wait and see if it happens again especially when my email will be free in a few hours to send emails again. 

     

    It doesn't make sense how they got the information.  If they can't get into the Iphone system and that is the only place the information resides together without other email account information. 

     

    Right now my phone is not checking any emails to be on the safe side.  It is kind of freeing not to be reading emails on my phone throughout the day.

  • thomas_r. Level 7 Level 7 (30,470 points)

    [...responding to myself to make this blasted forum show me the latest post that it's currently hiding from me...]

  • thomas_r. Level 7 Level 7 (30,470 points)

     

    I don't know if gmail access would be different than google account access.

     

     

    GMail accounts also double as Google accounts these days.

     

    It doesn't make sense how they got the information.  If they can't get into the Iphone system and that is the only place the information resides together without other email account information.

     

    I don't know how they've done it, in this case. I just know that it's not malware, unless you are the "lucky" discoverer of something brand new. I think that's pretty unlikely.

     

    Does anyone else know the passwords to these accounts? If so, you not only have to consider how careful youare with them, but how careful the other folks are.

     

    Were those accounts all using the same password? If so, one account may have been compromised on some other device, thus compromising all the others.

     

    Were the passwords potentially guessable to someone who knows you, or someone who searches social media sites for information about you?

     

    It's also possible that what you thought was a good, secure password was actually easily guessed by a brute force attack executed by a botnet. There are certain strategies that hackers use to guess passwords that you would think are totally safe. If there's any kind of system behind the way you insert numbers into your passwords (such as p1a2s3s4w5o6r7d8), it's potentially vulnerable to brute-force attack.

     

    Or it could be something I haven't thought of, even possibly a vulnerability in GMail for all I know. The "good guys" are constantly playing catch-up with the hackers.