iphone being hacked by stalker

Forums › Apple iOS and devices › iphone being hacked by stalker

onetapu

242 posts

Master Geek
+1 received by user: 14

#289696 23-Sep-2021 16:20

We believe a family member is being stalked by a very nasty/cunning/smart ex. He turns up where she is too many times for it to be coincidental and appears to have access at least to her call log as he definitely knows who she has called. She has an iphone and an ipad and has been using Imessaging. She changed her phone but can not change her number (for valid reasons). She has disconnected from any icloud backups. Police and various IT experts have been unable to help her. We are now advised that it is very easy to put something on someone's phone to track them if you know their phone number. Is anyone able to help with a) how to find malware on her devices and b) how to block it happening. Would Whapsapp or Snapchat or something else be more secure?? Thanks in advance

1 | 2

3384 posts

Uber Geek
+1 received by user: 1023

Trusted

#2782955 23-Sep-2021 16:24

It's not mentioned, but i assume she's changed her passwords?

And controls the email account related to her account so they can't "reset" it to their email account.

Also look at 2FA on the icloud account.

And check he doesn't have any devices in the "family" sharing settings.

I'm sure there is something that can check for stalkerware on apple devices, as I doubt they are using NSO group style hacking

I'm not an apple person however..

CPU: AMD 5900x | RAM: GSKILL Trident Z Neo RGB F4-3600C16D-32GTZNC-32-GB | MB: Asus X570-E | GFX: EVGA FTW3 Ultra RTX 3080Ti| Monitor: LG 27GL850-B 2560x1440

Quic: https://account.quic.nz/refer/473833 R473833EQKIBX

onetapu

242 posts

Master Geek
+1 received by user: 14

#2782956 23-Sep-2021 16:25

I meant to say she has changed all her passwords etc but it is still happening.

onetapu

242 posts

Master Geek
+1 received by user: 14

#2782957 23-Sep-2021 16:28

He also has access to their children's ipads

duckDecoy

946 posts

Ultimate Geek
+1 received by user: 432

Subscriber

#2782959 23-Sep-2021 16:29

Yuck, sounds horrible.

Slight tangent, its not someone she knows (friend/family) passing info onto the ex is it???

migrif

80 posts

Master Geek
+1 received by user: 25

ID Verified

Subscriber

#2782963 23-Sep-2021 16:39

One thing to check is the list of devices signed into the iCloud Account.

On the iPhone, go into Settings > iCloud then scroll down the bottom of the page, you'll see a list of connected devices. It's possible the device name has been changed by the 3rd party to be something that looks normal. If you find an offending device, you can click on the device, then "Remove from Account".

Other things to check are, in the same iCloud page, look at Family Sharing and Find My Friends. Find my iPhone is another way the device could be tracked.

Also I'd suggest they change their password for their mobile phone provider incase they're pulling logs from there.

Broadcast Engineer working in Auckland, New Zealand

alasta

6888 posts

Uber Geek
+1 received by user: 3362

Trusted

Subscriber

#2782964 23-Sep-2021 16:42

Further to the above, if you do find any unknown devices connected to the iCloud account then make sure you change your iCloud password immediately after disconnecting the offending devices.

HP

Shop now for HP laptops and other devices (affiliate link).

migrif

80 posts

Master Geek
+1 received by user: 25

ID Verified

Subscriber

#2782965 23-Sep-2021 16:44

alasta:

Further to the above, if you do find any unknown devices connected to the iCloud account then make sure you change your iCloud password immediately after disconnecting the offending devices.

Agreed! To add to that, its possible keychain is enabled also so they would have access to all their passwords via iCloud. 2 Factor Auth is a good next step, after removing the offending devices.

Broadcast Engineer working in Auckland, New Zealand

MaxineN

Max
2049 posts

Uber Geek
+1 received by user: 1662

ID Verified

Trusted

Subscriber

#2782968 23-Sep-2021 16:49

migrif:

One thing to check is the list of devices signed into the iCloud Account.

On the iPhone, go into Settings > iCloud then scroll down the bottom of the page, you'll see a list of connected devices. It's possible the device name has been changed by the 3rd party to be something that looks normal. If you find an offending device, you can click on the device, then "Remove from Account".

Other things to check are, in the same iCloud page, look at Family Sharing and Find My Friends. Find my iPhone is another way the device could be tracked.

Also I'd suggest they change their password for their mobile phone provider incase they're pulling logs from there.

This actually sounds like they're in an iCloud family and they should probably remove themselves from it and also maybe as an extra step delete/de-activate all iCloud accounts and start from fresh so they cannot be re-invited in.

Ramblings from a mysterious lady who's into tech. Warning I may often create zingers.

MaxineN

Max
2049 posts

Uber Geek
+1 received by user: 1662

ID Verified

Trusted

Subscriber

#2782970 23-Sep-2021 16:57

Sorry OP I should probably include the actual steps to achieve a total wipe.

>Change all accounts related to the current iCloud account that is being tracked(so yes your email(s) and services tied to the iCloud account email) to a new e-mail.

>Once done turn OFF Find My.

>Sign out of iCloud on current device.

>Log into iCloud from another web browser and de-activate/delete through here https://privacy.apple.com/

>Create a new Apple ID/iCloud and sign back in on devices.

Doing so will prevent activation lock if you need to wipe the phone(because find my is off) and you also removed iCloud pre-emptively pre-wipe so you DON'T end up in an activation lock upon formatting and the deleted iCloud account is tied to it(getting this removed is messy and you will need the IMEI and serial numbers of ALL DEVICES tied to the deleted account if you don't turn off Find My first and remove the account from the phone and other devices).

Ramblings from a mysterious lady who's into tech. Warning I may often create zingers.

Mosbo

35 posts

Geek
+1 received by user: 15

#2783029 23-Sep-2021 17:18

onetapu:

He also has access to their children's ipads

If the children's ipads are on the same iCloud as the parent (commonly done, for easy setup etc...) then if he has access to them, he has access to all her messages in iMessage and anything else accessed via the shared iCloud keychain (passwords for facebook/messenger/whatsapp/etc...)

Something like this is much more likely than some kind of installed malware/spyware thing.

If this is likely then best/safest thing to do is to sign out of the current iCloud on the phone and setup an entirely new one.

Batman

Mad Scientist
30012 posts

Uber Geek
+1 received by user: 6217

Trusted

Lifetime subscriber

#2783067 23-Sep-2021 18:55

create a new icloud and delete all links to current icloud

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.

RunningMan

9184 posts

Uber Geek
+1 received by user: 4833

#2783068 23-Sep-2021 18:58

There's other apps that will share location if you let them too. Settings->Privacy->Location Services will tell you what is using location and when. Disable location services for anything that doesn't really need it.

1024kb

1197 posts

Uber Geek
+1 received by user: 519

ID Verified

Lifetime subscriber

#2783819 24-Sep-2021 19:10

Could also have the Share My Location feature enabled in Find My iPhone or Google Maps. The switch is fairly deep in both apps, could easily be unaware of it being on.

There is no need to ditch the existing iCloud account though. To discover what’s enabled & who’s got access, go to appleid.apple.com in a desktop browser. Sign in & examine the account status - remove any unknown / unexpected devices, remove any unwanted services with access, add 2FA & change your password. Going over the account carefully there will show any privacy leaks & enable you to solve them.

Follow that up by doing a security check on the Google account too, I guess she’s signed in to Google services on the iPhone - most people are. The Google account security check provides the same informations as the Apple ID page.

Finally, for perfect communication privacy, she should use Signal Private Messenger. Signal does require both ends to be using the app (obviously) but there is zero possibility of data or even metadata leakage. Signal is fully E2E encrypted for all communications - voice & text, it’s open-source & funded by donations. Using Signal will guarantee that all her communication is private between her & the recipient.

Megabyte - so geek it megahertz

Behodar

11090 posts

Uber Geek
+1 received by user: 6070

Trusted

Lifetime subscriber

#2783821 24-Sep-2021 19:17

1024kb: There is no need to ditch the existing iCloud account though.

Indeed. Especially if there are purchased apps, music etc. then you wouldn't want to delete the account.

onetapu

242 posts

Master Geek
+1 received by user: 14

#2783875 24-Sep-2021 19:26

Thanks for all this info and I’ll let you know how it goes

1 | 2