Submitted by myfufu t3_10648cf in iphone

Not going into the details because it'd take too long, but reasonably certain. I'm a Windows/Linux/Android guy with minimal Apple experience. Mostly trying to do support for my mom.

I've double-erased her iPhone but now I'm concerned restoring it from an iCloud backup will just give access back to whoever gained it in the first place. I've reset the Apple ID password, so that should be good but I'm annoyed to learn I can't do a partial backup restore.

About to wipe her MacBook, but same concern... if I just restore an iCloud backup I could be restoring the malware as well. At the same time, all her pics & etc are on the iClouds.

Thoughts/recommendations? Thanks much.

5

Comments

FullMotionVideo t1_j3ekju3 wrote

iPhones have basically no real attack vector, since all software available for the thing is curated by Apple to look for malware. To put it in a way a Linux user would appreciate, unless you're the kind of person who runs Arch or Gentoo, you're not going to be running unsigned code on the phone. All the software on the device has been approved by Apple before it was ever given a signature and allowed to be downloaded.

A number of older models can be deliberately jailbroken to run unsigned code, but you have to be one of those enthusiasts I just mentioned. She also maybe could in theory join a beta test group on TestFlight (the pre-release public testing platform) that would run malware that hadn't been submitted to Apple, but that's very unlikely.

This is a device state agencies are using and their enemies are trying to hack into. Some script kiddie targeting a wide range of people like your Mom is not going to be hacked. What is more likely to happen is she falls for a phishing attempt and people get ahold of her credit cards or personal data by pretending to be Amazon, Comcast, etc.

7

myfufu OP t1_j3elvtw wrote

Yep. I'm 100% sure that's what happened. But somehow she gets a new CC and within 24 hours the number is on the street and being run again. She even changed banks and the same thing happened. As soon as the number gets entered in one of her iDevices, it's out there.

4

thursdayfern t1_j3esqaf wrote

Where is your mother entering in her credit card details?

Adding the card to Wallet? Saving the card details to Safari autofill? PayPal? Just using the card on an online store?

7

SomegalInCa t1_j3f2nrs wrote

Yeah, good questions. Likelihood of phone etc. being hacked is so much lower than a phishing attack.

Have you checked the browser on computer for a keyboard sniffer?

2

myfufu OP t1_j3f8e1r wrote

There was a suspicious looking pay "ad-blocker" app that I removed; otherwise no extensions on any of the browsers as far as I can tell.

1

SomegalInCa t1_j3f8h3q wrote

Worth googling it to see what others say

3

myfufu OP t1_j3gyp3f wrote

Reviews made it seem legit, but I remain skeptical. Thanks for the thought though.

1

myfufu OP t1_j3f89cb wrote

Great questions. Pretty sure she had it in the Apple Pay for whatever reason. Yes to wallet, I think. No to autofill and PayPal. Yes to online shopping. But suspicious charges have shown up with a new card on like, the second day when she's only been grocery shopping. It's flippin' weird.

The other concern is her online banking. We have changed her bank account password and I basically told her she's not allowed to look at her account on these devices until I get them wiped.

2

myfufu OP t1_j3es9sf wrote

Not sure why the downvote, I'm reporting what happened.

2