• Status: Solved
  • Priority: Medium
  • Security: Private
  • Views: 72
  • Last Modified:

What to do about possible apple based hack.

What to do about possible apple based hack - An iPhone 6, an iPhone 7, an iPhone X, an iPad AirLight, and a Macbook Air

These were under the same iCloud password, which has been changed since.


1. When it started, the owner was using his MacBook Air and all of a sudden he lost control and files started moving around and then deleting themselves as if he was being remotely accessed. When it was done, he went into his contacts and there was only one contact left. He restored his devices, and watched for other symptoms.

2. Messages keep going across the screen on the iPhone X, like foreign languages along with the words "delete a" and ",". When he tries to find these messages they are nowhere to be found.

3. Other messages being sent to the devices and then automatically deleting themselves. Some of these messages involved the people he thinks were involved.

... along with some general strange behavior that we're doing updates and cleanup with to make sure they're not related.

He has an idea who might have done it, they have been contacting him and they are a shady character. They haven't admitted anything. The owner's concerned he's still hacked, and he wants to find out who did it and clean up the situation. He is under a secure, hidden network in a remote location and isn't sure if his network has been compromised. We've updated all the devices to the most current iOS, and took off any shady programs. We ran malwarebytes on everything and didn't find anything. We've also checked all his settings and had him change all his passwords.

How do we:

1. Gather the evidence of who did this.
2. Lock out all his devices so that he is secure.

Thank you so much, the owner is really worried.
2 Solutions
Dr. KlahnPrincipal Software EngineerCommented:
The best thing to do is do a full factory reset on each device and then put different strong passwords on each device.  Strong passwords, individual passwords, and not trivial variations such as "passwordphone1", "passwordphone2", "passwordipad".

Then if one is compromised, the others cannot be using the same password.  The owner won't want to do this, of course.

As far as gathering evidence, that is a rewardless task.  Unless you can prove it was done by someone residing in the same state and put a finger on them directly, if you take the evidence to the local police they won't have any interest.  Nor will the state police.  And the FBI is too busy covering up their tracks at this time to deal with crime.
Reinstall the whole thing and restore data from backup.
weikelbobAuthor Commented:
We're still working on this, but I'll go ahead and close it.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now