So if anyone here follows me on Twitter, you'd know that someone hacked my iPhone 5S yesterday morning, or tried to anyway. They were able to play a video (I don't remember what, it woke me up, no idea what app either, there was nothing in YouTube or the Videos app) and I could see them right there on the screen accessing a few apps, activating the keyboard - and if that wasn't scary enough, trying to get into 1Password, so they knew what they were doing.
This happened just after 8am yesterday, and I regained control around 25 past (after trying to turn off the phone, I got to the screen with the 'swipe to turn off' bit but it wouldn't swipe). Believing they'd got my Apple ID or iCloud somehow to get in, I was able to reset my password on my laptop (connected via iCloud for bookmark syncing, but unaffected by any of this).
Then I called Apple when the lines opened at 10am (like, the worst possible day to get hacked, right?) and they confirmed that no one had socially engineered them to get at my ID. That made sense as they weren't able to reset anything, only add weird random bookmarks and do a search in my Safari, visit random pages in Chrome, and add world clocks to my Clocks app (and use the map function in Breeze). Those are all apps that were running at the time (as in, windows open when you access the task manager). Nothing was deleted or otherwise changed, thankfully.
Apple also confirmed to me that it's impossible to gain that kind of access unless it was through an app, or app vulnerability, that let them. My iPhone is not jailbroken, every app on it was downloaded via the App Store, and the security hole could be in any one of them - but most likely, I'd say, an ad supported one (there was at least one I hadn't closed out of fully, I've removed it now).
Apple told me they'd never before heard of such a thing happening to an un-modded phone that's been in the owner's possession 24/7. So I thought it worth outlining what happened to me here, in case anyone else has had the same happen, or has any ideas of solutions or future precautions. Maybe I just got lucky (or unlucky)?
This happened just after 8am yesterday, and I regained control around 25 past (after trying to turn off the phone, I got to the screen with the 'swipe to turn off' bit but it wouldn't swipe). Believing they'd got my Apple ID or iCloud somehow to get in, I was able to reset my password on my laptop (connected via iCloud for bookmark syncing, but unaffected by any of this).
Then I called Apple when the lines opened at 10am (like, the worst possible day to get hacked, right?) and they confirmed that no one had socially engineered them to get at my ID. That made sense as they weren't able to reset anything, only add weird random bookmarks and do a search in my Safari, visit random pages in Chrome, and add world clocks to my Clocks app (and use the map function in Breeze). Those are all apps that were running at the time (as in, windows open when you access the task manager). Nothing was deleted or otherwise changed, thankfully.
Apple also confirmed to me that it's impossible to gain that kind of access unless it was through an app, or app vulnerability, that let them. My iPhone is not jailbroken, every app on it was downloaded via the App Store, and the security hole could be in any one of them - but most likely, I'd say, an ad supported one (there was at least one I hadn't closed out of fully, I've removed it now).
Apple told me they'd never before heard of such a thing happening to an un-modded phone that's been in the owner's possession 24/7. So I thought it worth outlining what happened to me here, in case anyone else has had the same happen, or has any ideas of solutions or future precautions. Maybe I just got lucky (or unlucky)?