How is a non-jailbroken iOS device hacked into?

[dennysanders]

So, quite often I'll hear of people talking about their iOS devices being hacked. They say things like somebody is remotely accessing their iPhone, changing things around and making calls, texts or browsing websites in safari, etc. I've always just assumed they're full of crap and they're just the type of person who's got all these conspiracy theories. Is there any validity to these types of statements? If yes, how is somebody able to remotely access another user's device?

 

[Suckfest 9001]

I would imagine those people aren't very tech-savvy because it's not possible to "hack" an unjailbroken iPhone in those ways. The software is just too sandboxed. They're either lying or trying to cover up sketchy browser history to their spouses by blaming it on hax

 

[dennysanders]

I would imagine those people aren't very tech-savvy because it's not possible to "hack" an unjailbroken iPhone in those ways.

yeah, that was my assumption as well

 

[I7guy]

You can hack via iCloud that is not secured by 2FA or unsecured iPhones. But there haven't been any/many reports of widespread zero day iOS attacks.

 

[dennysanders]

You can hack via iCloud that is not secured by 2FA or unsecured iPhones.

how?

 

[I7guy]

how?

An unsecured phone that is not in your possession is a no brained. Without 2fa someone could guess your password, look at your iCloud documents, put your phone in lost mode etc..

 

[cynics]

There are two extremes that are equally silly. The group that thinks it's impossible to hack iOS and the group that thinks every little thing is a "hack". Usually people that think their phone is hacked is just a bug or they fell victim to a phishing scheme.

However anything is possible depending on what you are trying to accomplish.

Let's keep in mind iOS needs about 7-10 exploits to accomplish a jailbreak. So essentially a jailbreak itself is a hack, and we are pretty much there as of iOS 9.3 so it's very naive of someone to totally dismiss the idea of iOS being "hacked".

 

[dennysanders]

An unsecured phone that is not in your possession is a no brained. Without 2fa someone could guess your password, look at your iCloud documents, put your phone in lost mode etc..

i understand if they know your password they can do things with iCloud. but other than making your device play a sound, how can someone remotely access a device, open things up, make calls, etc...?
[doublepost=1456430756][/doublepost]

it's very naive of someone to totally dismiss the idea of iOS being "hacked".

i'm not saying it's impossible. i know there has to be ways to do it but nobody can ever give me an answer as to HOW it's done. that's all i'm really curious about.

 

[Zirel]

So, quite often I'll hear of people talking about their iOS devices being hacked. They say things like somebody is remotely accessing their iPhone, changing things around and making calls, texts or browsing websites in safari, etc. I've always just assumed they're full of crap and they're just the type of person who's got all these conspiracy theories. Is there any validity to these types of statements? If yes, how is somebody able to remotely access another user's device?

No, there's no validity in those comments. There is no known way to hack into iOS (at least 9.2.1) remotely or with the device in hand.

You can steal a user's password through various methods (make a phone call, say you are Apple, and ask, people that share passwords between various accounts, etc.). But that's not "hacking iOS" or "hacking iPhone", or "hacking iCloud".

The group that thinks it's impossible to hack iOS and the group that thinks every little thing is a "hack"

It may be possible, but there is no public knowledge on how to do that currently.

 

[kaielement]

I have seen people think there iOS device was hacked when they notice say safari showing things in the history that they claim they never went on with that device. Most of the time it's just iCloud syncing across their devices and they are not tech savvy enough to know it. They don't even know how to turn that off or on. Most of the time these are the same people who are convinced that Apple is spying on them lol.

 

[dannyyankou]

Well jailbreaking is hacking in the first place...

 

[cynics]

It may be possible, but there is no public knowledge on how to do that currently.

It wouldn't be a "hack" if it was public knowledge...

 

[Elisha]

If it is man-made it is hackable. Nothing us unhackable. It's whether or not you want to spend time and resources to accomplish it!

 

[Jessica Lares]

The reason they built the third-party keyboard API the way they did, with the limitations, is because that would be the easiest way to do lots and lots of damage. You'd get their passcode, their credit card numbers, their name, address, lots of logins, be able to identify to what services they were tied to based on searches/language used (like hashtags for Twitter), and other stuff. And you can't just have it not do server based stuff to begin with because then that loses the whole benefit of stuff like Swype and SwiftKey who would then have to have you update a database every month.

Around here you always have people complaining about that "bug" where you get redirected to Safari and the App Store from an ad or whatever. Some people don't make that connection, and some don't understand the difference between simulated text/phone conversations and real ones either.

 

[Zirel]

It wouldn't be a "hack" if it was public knowledge...

Why not?

 

[steve62388]

In the case of your friends claims I would say they are wide of the mark, but...

There is a reason the NSA has remained quiet and not requested a back door into iOS during the current brouhaha. Dum dum daah [sinister music].

 

[pika2000]

I think the term "hack" has been widely used that it covers a wide array of methods.
1. Brute force. Eg. guessing a password by typing every single possible combination
2. Software exploit. Eg. exploiting a known bug in the software itself
3. Social engineering. Eg. user facing, guessing one's password to be his/her dog's name.
4. Not a hack at all. Eg. a user's kid make a phone call without the user's knowledge, or disclaiming one's actual action as a hack.

One would be surprised how many lay people's definition of a "hack" is no 4.

 

[cynics]

Why not?

I hate the term hack/hacker, it seems so corny to me. Also I feel the definition is subjective.

Despite that, a hack (verb) is the process performed by someone of a higher skill set then the public, a software engineer/programmer...a hacker.

Copying or using software written by that person is not hacking nor does it make the person doing it a hacker. You are just exploiting a security hole/bug that was established by a hack (the process).

Obviously there are a lot of gray areas and I know everyone that opens terminal considers themselves a hacker however I don't feel that's the case..