Has your iPhone been hacked???

The following information is from a friend of mine (Michael Jenkins) that has had first hand experience with the issues.  It highlights what may be an ongoing hack on the iPhone OS.  Details are sketchy right now, but investigations are under way by a number of sources.  Please read the information and if you feel you’ve seen this then contact Michael direct.

 

We spend a huge amount of money, and resources, on protecting our data and infrastructure from unscrupulous use. We analyse networks, servers and software looking for the smallest leak. In days gone by, the simple floppy disk or USB key was a risk. Then it became unencrypted lost laptops (or net tops) and there has been the ever present threats from the internet.

Rarely do we review such useful devices and simply trust them, like the iPhone.

What would you do it you looked down at a friends iPhone one day only to see your domain username and password splashed across the screen?

Img_2189_ed photo1_ed photo

We trust devices such as iPhones. We trust companies like Apple to give us secure devices and have partnership agreements in place to cover bridging technologies (like Microsoft Activesync) so that the device we hold is as patched and protected as it can be. If something goes wrong, we trust them to fix it as quite simply we can’t. We can patch with whatever they give us or turn off the dangerous features making them useless but we can’t really tweak that much.

During this week I have had such a wake up call. I have been dragged into this scary world. As an IT specialist and someone that works with security daily, I have overlooked the simple. The device that I, and many others, carry in their hands and on their hips.

I was contacted earlier this week by people who had Flash SMS’s to their iPhones with some very scary words.   During the remainder of this week I have been exposed to numerous more phones, including one in Florida, who have had sensitive information flashed up to the screen. The information contained on the screen includes domain information, passwords and even iTunes and Gmail account passwords. I have seen parts of Visa card numbers and much more.

I am only guessing here but with the huge amounts of information available on the internet and even Apps in the iTunes App store which allow you to send your own Flash SMS’s, I suspect someone has made a 2 part hacking tool. One part is Malware and gets into possibly Microsoft Exchange servers or at the very least gets into ActiveSync and starts cultivating usernames and passwords and the other part sends Flash SMS’s to random phones whose numbers are stored in your favourites in your Phone PIM data. From the screen shots I have seen I have seen domain controllers internal domain names, local administrator passwords for workstations, Network usernames and passwords and much more.

The Flash SMS is an interesting tool. It was designed for Telco’s to send important messages to their users. It leaves no SMS in your inbox or anywhere you can see on the phone and simply leaves you with one button on the  screen to dismiss the message. It is not meant for the purpose I am seeing.

Currently I am working with numerous security partners including Microsoft and Apple to resolve this. If you get any such messages accompanied by the SMS audible tone, press the power button and main button to take a screen shot and send it to michael.jenkin@usa.net

I hope to soon be able to tell you what to do, to keep safe. At the moment all I can suggest is remove Credit card numbers from iTunes accounts, change your passwords and update to OS 4.0.2

Tags: ,

This entry was posted on Thursday, August 12th, 2010 at 10:02 pm and is filed under Blog. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

31 Responses to “Has your iPhone been hacked???”

  1. Tweets that mention Has your iPhone been hacked??? -- Topsy.com Says:

    August 12th, 2010 at 10:33 pm

    [...] This post was mentioned on Twitter by Wayne Small, mickyj. mickyj said: Update on the iPhone Flash SMS and password hack http://www.sbsfaq.com/?p=2165 [...]

  2. Adam T Says:

    August 12th, 2010 at 10:44 pm

    hi i had the same thing on my i-phone and this is all i could find on it.
    i didnt get a screen shot but i saw some email and what could have been a password.
    hope apple start flying straight soon or im ditching.

  3. iOS hack using FlashSMS - BlackBerryForums.com : Your Number One BlackBerry Community Says:

    August 13th, 2010 at 5:21 am

    [...] to gain access to your data – and potentially your company's data. Here's some information on it: Has your iPhone been hacked??? One part of this article: [...]

  4. me Says:

    August 13th, 2010 at 7:33 am

    is it ACTUALLY in the process of downloading info when this screen comes up (and showing a % progress indicator?!) or is that just for show? If so, then maybe it would be more advisable to….you know…turn your phone OFF as opposed to taking screenshots :/

  5. Radek Says:

    August 13th, 2010 at 8:58 am

    Is this fixed with Iphone OS Update 4.0.2 ? Or is it still exploitable?

    Ta

    Radek

  6. L1feless Says:

    August 13th, 2010 at 10:38 pm

    This is an interesting post an issue. I believe part of the problem is that Apple is controlling who and what apps get published. They hold all the keys. The issue is that in this process they either do not require or do not audit the source code or behavior patterns of the software they release and allow their customers to install. Although I personally do not like Apple’s model of smart phone’s I can appreciate why they are doing it. Their core goal is to make a device which they can control and ensure quality. With this in mind I think Apple really needs to tighten the screw and audit it new submissions and existing apps.

    On the same note I think Google will need to have (if they don’t already) a similar process of application validation. Google is more liberal with what can be installed in the Android but will need to have a validation and audit if it too is to avoid issues like this on a larger scale.

  7. Mickyj Says:

    August 19th, 2010 at 10:16 pm

    Adam T, can you please contact me about your phone? I need to get as much demographic details about those hacked as possible. We do not care if you have or have not jailbroken your phone. We need more information.

    Please consider this a plea for anyone to repond.

    michael.jenkin@usa.net

  8. Mickyj Says:

    August 19th, 2010 at 11:03 pm

    To help people locate this post in Google by matching some of the messages that appear on the iPhones, here are some of the messages with the appropriate data masked.

    8A306#$get+216.65.3.XX/(app=itunes’username@gmail.com&password**v6)

    *exxpploit* Downloaded PIM data… 100% nice day you have now username.domain.local

    darwin%lx$ret+$offset-domainlogon=password?

    ** ?ex_”-=t?e ** 30% downloaded. ios401

    *@#”"oit* 28% PIM Downloaded. NICING DAY!

    *exxxploit* Downloading PIM data… 40%

  9. aaeezy Says:

    October 15th, 2010 at 11:28 pm

    http://psichron.za.net/wordpress/2010-08-23/sending-a-class-0-or-flash-sms-with-the-iphone/

    the above link explains all

  10. Mickyj Says:

    October 18th, 2010 at 11:02 pm

    As this phone is not jailbroken and the Flash 0 contained secret passwords known only to the recipient, then this web link is not applicable.

  11. Maryanne Says:

    January 27th, 2011 at 4:59 am

    My iPhone has shown recent questionable activity.
    Data uasge when phone off and no emails nor phone calls received.
    There are also no apps on my phone.
    My phone is not jailbroken.
    Have noticed that the signal strength suddenly decreases tremendously, despite AT&T gifting me with a microcell. Had no problems until January 2011.
    Signal strength decreases, very noticible.
    Battery fading faster than normal, very noticible.
    Signal strength interuption, very noticible.

    The payoff was yesterday while accessing my email on my phone, I saw something which read ‘ downloading 7 files’ flash across bottom of screen ( the same way you would see a message being sent)

    That confirmed in my mind that my iphone has certainly been compromised.

    Spoke to AT&T who gave a song & dance.
    Spoke to Apple, who reluctantly confirmed suspicious activity .

  12. Ebony Says:

    May 4th, 2011 at 4:16 pm

    I’ve noticed my battery running down alot quicker than usual and random programs keep opening.
    Just now my phone was sitting on my desk and voice control just randomly popped open on it’s own and then closed back out.
    Also it takes my phone FOREVER to turn on. Sometimes I’m afraid to turn it off and my signal strength is lower tha normal too!

  13. Trevor Says:

    July 16th, 2011 at 11:03 am

    My phone has been acting very strange.. I have pop ups saying my AT&T bill has been completed and things saying that device is not compatible with this software. My battery dies much faster and my phone deleted all my text messages out of no where? Whats going on?

  14. Mickyj Says:

    July 31st, 2011 at 5:08 pm

    I have since heard that Mobile Me accounts can be created and then used to access phone settings and send Flash Zero SMS’s. This might be the source of much of the Mischief

  15. chrissy Says:

    August 11th, 2011 at 7:33 pm

    My ex hacked my iphone today. I have had it for just over 24 hours (my first Iphone) and he is across the country. it went like this: he called from a number i didnt know I missed the call and when i tried to call it back i got a message that the phone was disconnected. I texted the phone asking who it was I got a text back that said “really” tried calling again but the phone was again disconnected. I then check my email on my computer, I have an email from myself (from my personal email to myself) with a nasty mean subject and the body saying sent from my Iphone. I check my outgoing mail and there is a message again sent from my iphone to my ex’s mom with another negative subject and the body saying sent from my iphone. i did not send either of these emails. what do i do?

  16. Wayne Small Says:

    August 12th, 2011 at 7:13 am

    Chrissy,
    First thing to do with this is to change your passwords for email etc. That is the most likely cause of the issue. If you have bank passwords as well – change them too just to be safe.

  17. mickyj Says:

    October 19th, 2011 at 2:49 pm

    More information has been made available with this article

    http://www.scmagazine.com.au/News/277185,untraceable-iphone-flash-smses-carry-hacked-data.aspx

  18. Steve m Says:

    December 21st, 2011 at 9:51 am

    just had my iphone hacked, ended up with a virus on the computor, my microcell & phone had to be removed from the system and reentered as a new device by AT&T. i began having emails, calls & texts being sent out saying they were from me but in fact they were not. i have just recieved a new number and email address changed web key on router and all passwords. first will i now be safe and second why would all the text and calls be on my bill if they were not from my phone. please help i am at a loss as to what has gone on.

  19. Brenda Says:

    January 13th, 2012 at 2:55 am

    My iphone has been hacked as well. It appears the person has access to all of my phone conversations and all of my texts — for how long I do not know. This hacker has sent messages to several people on my phone list pretending to be me…….these messages are showing on my log as me sending them, but that is NOT the case! The hacker also gained access to my FaceBook account, my gmail account and god only knows what else. This is a true NIGHTMARE and I am getting blamed for horrible messages sent to my boyfriend that were never sent from me! How does one fix a problem like this???????

  20. Razz Says:

    February 23rd, 2012 at 3:56 am

    I am encountering the same case as brenda. Someone can access my contacts and can send messages using my own number as well as my conversation messages. Can also access all my email accounts and facebook then suddenly i just saw that some of my private pictures was already uploaded. People are thinking that im crazy because they cant think that it is possible for someone to access everything on my phone but it is really happening. The first time that i encountered this, i changed my iphone to a new One but same model but after a few mOnths the same thing happend again. Please help!!

  21. Cendra Says:

    February 23rd, 2012 at 5:06 pm

    After reading Brenda’s story of an ex hacking into her IPhone. I was wondering if you found at how and/ or if you found someone that could verify your IPhone was hacked remotely. I have had my email account hacked into for the third time. Each time I created a new account and new password. The most recent email address domain @att.com was very secret and I had no problems for a year and a half until suddenly I noticed an email from lawyer I received was already opened before I saw it. Shortly after I noticed that on a few phone calls on two different evenings I heard clicking noises and a repetitive beeping noise that IPhones don’t make. The beeping noise went away when I hung up. I called another number and the same noises. It almost sounds like the sounds are not coming from my phone itself. I have an IPhone 4. I have had an IPhone from the year they came out. I feel like maybe two things have happened here, my email address hacked and some of my phone calls were remotely accessed and heard. I have caught P.I. on my property. 2 years ago I got a second phone with a different carrier and did not tell anyone. My ex boyfriend has a lot of money at his disposal. Anyone out there that can help me protect my privacy . Has anyone heard the repitive beeping noises during a phone call?

  22. marcus Says:

    March 25th, 2012 at 7:34 am

    Whenever I make a call or receive a call, it connects fine, but it also shows that I have an additional call going on with an “Unknown” caller. Why is this?

  23. Lisa Says:

    March 12th, 2013 at 3:56 am

    I’m freaked out. I updated to iPhone 5 in August and the battery life, of course seemed shorter. I’m a single mother of 3-very busy, so it’s hard to keep track and follow up on these things. However, I have iCloud and I was deleting superfluous contacts when I came upon one that said ‘Blacklight Spoofed’ and had several different (>25-50) 1-800#’s on it. It was shocking and I immediately deleted it. I know now that I should not have because it would possibly have helped me define the situation more clearly. But please, if you can provide any assistance, I’d be greatly appreciative. Lisa

  24. cvv shop Says:

    April 10th, 2013 at 1:49 pm

    It’s really a cool and helpful piece of info. I’m happy that you shared this helpful information with us. Please keep us up to date like this. Thanks for sharing.

  25. mickyj Says:

    June 7th, 2013 at 9:02 am

    Update for those that find themselves in this situation. We found the person dong this. It was being done to scare people into handing out money to remove the worrysome messages and stop the attacks.

    3 step process.

    Hack someones personal PC and get all their passwords out of their Windows local password cache and Internet explorer cache.

    Get an older windows mobile with a Flash SMS application and send flash SMS to your target and scare them into thinking that they have been hacked by including personal details and some gibberish.

    Later make contact and try and get money from the person who was attacked.

    As it is a flash SMS, sending it to an iPhone will not provide sender details and the SMS is deleted as soon as it is viewed.

    In this case Exchange, the server, Activesync and the iPhone are not actually hacked.

  26. mickyj Says:

    June 7th, 2013 at 9:04 am

    See Waynes followup post to see how this particular case eneded (See the comment 7/6/2013)
    http://www.sbsfaq.com/?p=2169&cpage=1#comment-23670

  27. Jenny Says:

    October 10th, 2013 at 7:18 am

    I feel that is one of the most vital info for me.

    And i am glad reading your article. But should remark on few general things, The web
    site taste is wonderful, the articles is really excellent :
    D. Good process, cheers

  28. check carrier iphone Says:

    February 9th, 2014 at 4:58 am

    I am actually pleased to glance at this web site posts which carries tons
    of useful data, thanks for providing these kinds of data.

  29. Gilbert Says:

    February 27th, 2014 at 9:40 am

    If some one needs expert view regarding blogging and site-building afterward
    i recommend him/her to pay a visit this weblog, Keep up the
    nice work.

  30. free Brazzers accounts Says:

    March 12th, 2014 at 1:54 am

    The actual performances are solidly real; on occasion brutally so.

    Levitt’s Jon is often a matter-of-fact, self-aware personal.
    He knows porn fills any void but he / she doesn’t know very well what that useless is.
    While his primary adore curiosity, Johansson will be his opposite
    range, a Matorral Hari who becomes annoyed each time a strand connected with hair
    no longer has sufficient location. But it is a testament in order
    to both Levitt’s way and Johansson’s acting ability that your
    ex character will never be portrayed inside a wholly bad light, and their
    characters’ romantic relationship plays as real.

    My page; free Brazzers accounts

  31. snort this Says:

    March 24th, 2014 at 7:45 pm

    I wish to show my affection for your generosity in support of folks that absolutely need assistance with this area of interest. Your very own commitment to passing the message all through had become rather powerful and have continually allowed somebody much like me to reach their dreams. The important useful information signifies a great deal to me and somewhat more to my peers. Regards; from each one of us.

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>