Can an iPhone be hacked? A breakdown of common hacks and cyber hygiene best practices
Ning Zhang, assistant professor in the department of Computer Science & Engineering, offers his expertise to Insider
iPhone hacks aren't incredibly common, but they can still occur if you aren't careful.
From malware and trickster apps downloaded from the App Store to targeted attacks on a specific device, your information can be stolen in myriad ways.
Here we'll break down the common types of hacks, how to tell if you've been hacked, and what to do about it.
How an iPhone can be hacked
Hacking occurs when someone else gains access to private information on your device or controls it without your consent. It's a broad term, and lies on a gradient of bad to very serious. Some hackers want to make a quick buck selling advertising. Others want to hurt you.
Experts said there are a few main types of iPhone hacks:
Suspicious websites or links
Just like on your computer, your iPhone can be hacked by clicking on a suspicious website or link. If a website looks or feels "off" check the logos, the spelling, or the URL.
Try to avoid connecting to a password-free public Wi-Fi network, which opens the possibility of a hacker accessing unencrypted traffic on your device or redirecting you to a fraudulent site to access login credentials.
Messages from numbers you don't recognize are also suspect.
Fortunately, modern smartphones are good at resisting malware and ransomware.
Suspicious apps on the App Store
Apple devices exist in a much more closed and monitored digital ecosystem when compared to Android devices.
The company has a vetting process for apps on its store, but it's not bulletproof.
Ning Zhang, who leads the Computer Security and Privacy Laboratory at Washington University in Saint Louis, said to watch out for apps that ask for more information than they'll need to function.
For example, if you've downloaded a wallpaper or flashlight app and it's asking for your location or contact list, camera, or microphone, that's a red flag. Likely, the developers are tricking you into giving out this information so it can be sold.
"I'd be a little bit skeptical about it and consider if I really want that wallpaper app," he said. "Being vigilant, even with official apps, is helpful. If we are able to do that, I think for the average person, you should be fairly safe."
Intimate partner hacks
Abusive partners can grab your phone and download spyware (or stalkerware) when you're not looking. This malicious software can be used to track your location, or make private information like texts, your call history, and emails accessible to them.
All they need is your password and physical access to your phone. Experts we spoke to said that this is unfortunately common. This abuse can be psychologically traumatizing and devastating to someone's personal and public life. If you notice apps that you don't remember downloading, this could be a sign — although many times the spyware app is invisible on the home screen.
Sadly, this problem isn't easy to fix. Victims can risk their safety by deleting the apps or checking for malware if and when abusers notice these actions.
The average person probably won't be singled out and remotely targeted by hackers because it's expensive, sometimes costing millions for hacks of newer phones, said Matthew Green, an associate professor at the Johns Hopkins Internet Security Institute.
Journalists and activists are most at risk for this kind of hack.
One form of a targetted hack works like this: Hackers exploit unknown flaws in the iOS programming that even its developers don't yet know about. With this knowledge, hackers can install malware to get data from targetted sources.
"This is a very sophisticated set of hacks and oftentimes you won't even know this happened to you," Green said. "If it's someone who is really sophisticated, they'll send you an invisible text message and then your phone is going to be compromised for awhile."
The bugs are known as "zero-day" exploits, corresponding with the fact that Apple will find out about a possible security issue in their software on the same day it'll work to patch it. The minute the world knows, it's only a matter of time before the hack is obsolete. That's why these pricey hacks are often kept under wraps by the people, or governments, who purchase them, Green said.
Ways to protect yourself from an iPhone hack
iPhones can absolutely be hacked, but they're safer than most Android phones.
Some budget Android smartphones may never receive an update, whereas Apple supports older iPhone models with software updates for years, maintaining their security. That's why it's important to update your iPhone.
Apps on the App Store are also vetted for malware (though there are questionable apps that go unnoticed).
However, if you're considering "jailbreaking" your iPhone — removing the software restrictions imposed on iOS — you're opening yourself up to potential vulnerabilities in the software because you've eliminated some of Apple's existing security measures. It is possible to download incompatible spyware or malware apps on a jailbroken phone, and this is also how remote takeovers can occur with iPhones. A jailbroken phone should be avoided as it can dangerously allow malicious apps to go undetected.
If you backup your phone in iCloud, make sure to have a strong password. If someone gets ahold of your password, they don't even need to hack your phone because they can download a backup from the cloud.
Turning on Apple's two factor authentication is another good way to stay safe and can prevent your iCloud account (Apple ID) from being hacked by requiring another step of verification.
Vyas Sekar, a professor of electrical and computer engineering at Carnegie Mellon University, said staying safe is all about "good digital hygiene."
"Install apps from trustworthy sources and unless you know what you're doing, you probably don't want to jailbreak your phone," Sekar said. "Be careful. Don't click on attachments you don't want to open and keep your phone up to date."
How to tell if your iPhone has been hacked
You can't always tell if your iPhone has been hacked, Sekar said. But you may notice a few things.
- Your phone is unusually hot, or frequently dying.
- Your phone is sluggish when trying to load websites.
- The battery is draining even when you're not touching your phone.
These symptoms indicate the phone is running all the time, even when you're not using it. Sometimes, the best indicators come from the outside, such as when friends say they're getting odd messages from you. However, the most sophisticated hacks can be somewhat invisible.
There's no definite way to check for every type of hack. Experts told us that one reliable way to investigate is to download a mobile security app called iVerify, which scans your phone's operating system for suspicious behavior and can also detect if your phone has been jailbroken.
What to do when your iPhone has been hacked
If you know your phone has been hacked, you have a few options depending on what happened.
For minor problems, like an app stealing your information, delete the app and update your software.
In serious cases, you'll want to wipe your iPhone and restore it to factory settings. But even if you do that, it may note be completely clear if you've gotten rid of the malware installed on your phone — especially if it has been jailbroken.
Finding an expert for inspection may be the best solution. Green from Johns Hopkins said your phone can't always be cured.
"I hate to say this, but if you really, really need to be safe, get a new phone," Green said. "If somebody actually gets on your phone, and it's a really high barrier for iPhones, they can install stuff like keyloggers, which means every key press, every letter you type in is being sent to somebody. Until you're sure that's gone, you can't be sure you have any privacy."
If you can't get a new phone right away, a hacked iPhone is likely not safe to use, so you're best to leave it turned off.
Click on the topics below for more stories in those areas
Faculty in this story