The following information is from a friend of mine (Michael Jenkins) who has had first-hand experience with the issues. It highlights what may be an ongoing hack on the iPhone OS. Details are sketchy right now, but investigations are under way by a number of sources. Please read the information and if you feel you’ve seen this then contact Michael directly.
We spend a huge amount of money, and resources, on protecting our data and infrastructure from unscrupulous use. We analyse networks, servers and software looking for the smallest leak. In days gone by, the simple floppy disk or USB key was a risk. Then it became unencrypted lost laptops (or net tops) and there have been the ever-present threats from the internet.
Rarely do we review such useful devices and simply trust them, like the iPhone.
What would you do if you looked down at a friend’s iPhone one day only to see your domain username and password splashed across the screen?
We trust devices such as iPhones. We trust companies like Apple to give us secure devices and have partnership agreements in place to cover bridging technologies (like Microsoft Activesync) so that the device we hold is as patched and protected as it can be. If something goes wrong, we trust them to fix it as quite simply we can’t. We can patch with whatever they give us or turn off the dangerous features making them useless but we can’t really tweak that much.
During this week I have had such a wake up call. I have been dragged into this scary world. As an IT specialist and someone that works with security daily, I have overlooked the simple. The device that I, and many others, carry in their hands and on their hips.
I was contacted earlier this week by people who had Flash SMS’s to their iPhones with some very scary words. During the remainder of this week I have been exposed to numerous more phones, including one in Florida, who have had sensitive information flashed up to the screen. The information contained on the screen includes domain information, passwords and even iTunes and Gmail account passwords. I have seen parts of Visa card numbers and much more.
I am only guessing here but with the huge amounts of information available on the internet and even Apps in the iTunes App store which allow you to send your own Flash SMS’s, I suspect someone has made a 2-part hacking tool. One part is Malware and gets into possibly Microsoft Exchange servers or at the very least gets into ActiveSync and starts cultivating usernames and passwords and the other part sends Flash SMS’s to random phones whose numbers are stored in your favourites in your Phone PIM data. From the screenshots I have seen, I have seen domain controllers’ internal domain names, local administrator passwords for workstations, Network usernames and passwords and much more.
The Flash SMS is an interesting tool. It was designed for Telco’s to send important messages to their users. It leaves no SMS in your inbox or anywhere you can see on the phone and simply leaves you with one button on the screen to dismiss the message. It is not meant for the purpose I am seeing.
Currently I am working with numerous security partners including Microsoft and Apple to resolve this. If you get any such messages accompanied by the SMS audible tone, press the power button and main button to take a screen shot and send it to [email protected]
I hope to soon be able to tell you what to do, to keep safe. At the moment all I can suggest is remove Credit card numbers from iTunes accounts, change your passwords and update to OS 4.0.2
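The Flash SMS behaviour described in the post above is selected by the message class bits in the SMS data coding scheme (TP-DCS, 3GPP TS 23.038), where class 0 means immediate display. The following is an added example, not part of the original post or its author's tooling, showing how a gateway or modem-side logger could flag class 0 messages from a raw SMS-DELIVER PDU; the function names and the sample PDUs (fictional 555-01xx numbers) are constructed for illustration.

```python
# Added example: classify SMS-DELIVER PDUs by message class (TP-DCS, 3GPP TS 23.038).
# All PDUs here are constructed test data using fictional 555-01xx numbers.

def decode_semi_octets(hex_str):
    """Swap each nibble pair (BCD semi-octets) and drop the trailing 'F' filler."""
    swapped = "".join(hex_str[i + 1] + hex_str[i] for i in range(0, len(hex_str), 2))
    return swapped.rstrip("F")

def message_class(dcs):
    """Return the message class 0-3 encoded in TP-DCS, or None if none is set."""
    if dcs & 0x80 == 0x00:                  # general (00xx) and auto-deletion (01xx) groups
        return dcs & 0x03 if dcs & 0x10 else None   # bit 4: class bits are valid
    if dcs & 0xF0 == 0xF0:                  # data coding / message class group
        return dcs & 0x03
    return None                             # reserved and message-waiting groups: no class

def parse_sms_deliver(pdu_hex):
    """Parse the header of an SMS-DELIVER PDU (SMSC prefix included)."""
    raw = bytes.fromhex(pdu_hex)
    pos = 1 + raw[0]                        # skip SMSC length octet and SMSC info
    if raw[pos] & 0x03 != 0x00:             # TP-MTI must be 00 for SMS-DELIVER
        raise ValueError("not an SMS-DELIVER PDU")
    digits, toa = raw[pos + 1], raw[pos + 2]
    octets = (digits + 1) // 2              # TP-OA length counts digits, not octets
    sender = decode_semi_octets(raw[pos + 3:pos + 3 + octets].hex().upper())
    if toa == 0x91:                         # international number
        sender = "+" + sender
    pos += 3 + octets
    dcs = raw[pos + 1]                      # raw[pos] is TP-PID, the next octet is TP-DCS
    cls = message_class(dcs)
    return {"sender": sender, "dcs": dcs, "class": cls, "flash": cls == 0}

def sample_pdu(dcs):
    """Constructed PDU: SMSC +15550100, sender +155501234; user data is not decoded here."""
    return "05915155100004099151551032F400%02X0180322100000002E834" % dcs

if __name__ == "__main__":
    for dcs in (0x00, 0x10, 0x18, 0xF0, 0xF1):
        info = parse_sms_deliver(sample_pdu(dcs))
        print("DCS 0x%02X sender=%s class=%s flash=%s"
              % (dcs, info["sender"], info["class"], info["flash"]))
```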
Adam T says
Hi, I had the same thing on my iPhone and this is all I could find on it.
I didn’t get a screen shot but I saw some email and what could have been a password.
Hope Apple start flying straight soon or I’m ditching.
me says
is it ACTUALLY in the process of downloading info when this screen comes up (and showing a % progress indicator?!) or is that just for show? If so, then maybe it would be more advisable to….you know…turn your phone OFF as opposed to taking screenshots :/
Radek says
Is this fixed with Iphone OS Update 4.0.2 ? Or is it still exploitable?
Ta
Radek
L1feless says
This is an interesting post and issue. I believe part of the problem is that Apple is controlling who and what apps get published. They hold all the keys. The issue is that in this process they either do not require or do not audit the source code or behavior patterns of the software they release and allow their customers to install. Although I personally do not like Apple’s model of smart phones I can appreciate why they are doing it. Their core goal is to make a device which they can control and ensure quality. With this in mind I think Apple really needs to tighten the screw and audit its new submissions and existing apps.
On the same note I think Google will need to have (if they don’t already) a similar process of application validation. Google is more liberal with what can be installed in the Android but will need to have a validation and audit if it too is to avoid issues like this on a larger scale.
Mickyj says
Adam T, can you please contact me about your phone? I need to get as much demographic details about those hacked as possible. We do not care if you have or have not jailbroken your phone. We need more information.
Please consider this a plea for anyone to respond.
[email protected]
aaeezy says
http://psichron.za.net/wordpress/2010-08-23/sending-a-class-0-or-flash-sms-with-the-iphone/
the above link explains all
Mickyj says
As this phone is not jailbroken and the Flash 0 contained secret passwords known only to the recipient, then this web link is not applicable.
Maryanne says
My iPhone has shown recent questionable activity.
Data usage when phone off and no emails nor phone calls received.
There are also no apps on my phone.
My phone is not jailbroken.
Have noticed that the signal strength suddenly decreases tremendously, despite AT&T gifting me with a microcell. Had no problems until January 2011.
Signal strength decreases, very noticeable.
Battery fading faster than normal, very noticeable.
Signal strength interruption, very noticeable.
The payoff was yesterday while accessing my email on my phone, I saw something which read ‘ downloading 7 files’ flash across bottom of screen ( the same way you would see a message being sent)
That confirmed in my mind that my iphone has certainly been compromised.
Spoke to AT&T who gave a song & dance.
Spoke to Apple, who reluctantly confirmed suspicious activity .
Ebony says
I’ve noticed my battery running down a lot quicker than usual and random programs keep opening.
Just now my phone was sitting on my desk and voice control just randomly popped open on its own and then closed back out.
Also it takes my phone FOREVER to turn on. Sometimes I’m afraid to turn it off and my signal strength is lower than normal too!
Trevor says
My phone has been acting very strange.. I have pop ups saying my AT&T bill has been completed and things saying that device is not compatible with this software. My battery dies much faster and my phone deleted all my text messages out of nowhere? What’s going on?
Mickyj says
I have since heard that Mobile Me accounts can be created and then used to access phone settings and send Flash Zero SMS’s. This might be the source of much of the Mischief
chrissy says
My ex hacked my iPhone today. I have had it for just over 24 hours (my first iPhone) and he is across the country. It went like this: he called from a number I didn’t know. I missed the call, and when I tried to call it back I got a message that the phone was disconnected. I texted the phone asking who it was. I got a text back that said “really”. Tried calling again but the phone was again disconnected. I then check my email on my computer; I have an email from myself (from my personal email to myself) with a nasty mean subject and the body saying sent from my iPhone. I check my outgoing mail and there is a message, again sent from my iPhone, to my ex’s mom with another negative subject and the body saying sent from my iPhone. I did not send either of these emails. What do I do?
Wayne Small says
Chrissy,
First thing to do with this is to change your passwords for email etc. That is the most likely cause of the issue. If you have bank passwords as well – change them too just to be safe.
mickyj says
More information has been made available with this article
http://www.scmagazine.com.au/News/277185,untraceable-iphone-flash-smses-carry-hacked-data.aspx
Steve m says
Just had my iPhone hacked, ended up with a virus on the computer, my microcell & phone had to be removed from the system and reentered as a new device by AT&T. I began having emails, calls & texts being sent out saying they were from me but in fact they were not. I have just received a new number and email address, changed web key on router and all passwords. First, will I now be safe, and second, why would all the texts and calls be on my bill if they were not from my phone? Please help, I am at a loss as to what has gone on.
Brenda says
My iphone has been hacked as well. It appears the person has access to all of my phone conversations and all of my texts — for how long I do not know. This hacker has sent messages to several people on my phone list pretending to be me…….these messages are showing on my log as me sending them, but that is NOT the case! The hacker also gained access to my FaceBook account, my gmail account and god only knows what else. This is a true NIGHTMARE and I am getting blamed for horrible messages sent to my boyfriend that were never sent from me! How does one fix a problem like this???????
Razz says
I am encountering the same case as Brenda. Someone can access my contacts and can send messages using my own number as well as my conversation messages. Can also access all my email accounts and Facebook, then suddenly I just saw that some of my private pictures were already uploaded. People are thinking that I’m crazy because they can’t think that it is possible for someone to access everything on my phone but it is really happening. The first time that I encountered this, I changed my iPhone to a new one but same model, but after a few months the same thing happened again. Please help!!
Cendra says
After reading Brenda’s story of an ex hacking into her iPhone, I was wondering if you found out how and/or if you found someone that could verify your iPhone was hacked remotely. I have had my email account hacked into for the third time. Each time I created a new account and new password. The most recent email address domain @att.com was very secret and I had no problems for a year and a half until suddenly I noticed an email from a lawyer I received was already opened before I saw it. Shortly after I noticed that on a few phone calls on two different evenings I heard clicking noises and a repetitive beeping noise that iPhones don’t make. The beeping noise went away when I hung up. I called another number and the same noises. It almost sounds like the sounds are not coming from my phone itself. I have an iPhone 4. I have had an iPhone from the year they came out. I feel like maybe two things have happened here: my email address hacked and some of my phone calls were remotely accessed and heard. I have caught P.I. on my property. 2 years ago I got a second phone with a different carrier and did not tell anyone. My ex boyfriend has a lot of money at his disposal. Anyone out there that can help me protect my privacy? Has anyone heard the repetitive beeping noises during a phone call?
marcus says
Whenever I make a call or receive a call, it connects fine, but it also shows that I have an additional call going on with an “Unknown” caller. Why is this?
Lisa says
I’m freaked out. I updated to iPhone 5 in August and the battery life, of course seemed shorter. I’m a single mother of 3-very busy, so it’s hard to keep track and follow up on these things. However, I have iCloud and I was deleting superfluous contacts when I came upon one that said ‘Blacklight Spoofed’ and had several different (>25-50) 1-800#’s on it. It was shocking and I immediately deleted it. I know now that I should not have because it would possibly have helped me define the situation more clearly. But please, if you can provide any assistance, I’d be greatly appreciative. Lisa
mickyj says
Update for those that find themselves in this situation. We found the person doing this. It was being done to scare people into handing out money to remove the worrisome messages and stop the attacks.
3 step process.
Hack someone’s personal PC and get all their passwords out of their Windows local password cache and Internet Explorer cache.
Get an older Windows Mobile with a Flash SMS application and send flash SMS to your target and scare them into thinking that they have been hacked by including personal details and some gibberish.
Later make contact and try and get money from the person who was attacked.
As it is a flash SMS, sending it to an iPhone will not provide sender details and the SMS is deleted as soon as it is viewed.
In this case Exchange, the server, Activesync and the iPhone are not actually hacked.
mickyj says
See Wayne’s follow-up post to see how this particular case ended (See the comment 7/6/2013)
http://sbsfaq.com/?p=2169&cpage=1#comment-23670