2014.11.17 / Tags: weeknotes
Something I completely forgot to mention in my previous weeknotes, maybe because I’d love to pretend it never happened, is that my iPhone was hacked a fortnight ago. There I was, awake with a start on a Sunday morning as my phone blared some random video (I don’t remember what; I wasn’t in the best of moods to take notes, like) and witness to someone, somewhere, bumbling their way remotely through a number of my open apps, and attempting to access others, most unsettlingly 1Password — which I could see them open, chancing their arm at my master password (good luck with that, chumps).
Suffice it to say I was panicked beyond belief. Fearing the worst — that someone had hacked my Apple ID, for how else could they attain that kind of access? — I tried to contact Apple customer support, but it was a Sunday morning, and the phone line was still 90 minutes away from opening. (I did get through later, and all they could tell me was that my ID was safe, which was some reassurance, but still.)
I suppose it was fortunate that whoever was fucking with me gave up after 10 minutes or so, and my phone went dormant. It was a good few minutes before before I plucked up the courage to survey the damage: some gibberish bookmarks and web searches in my Safari and Chrome histories, and world clocks added to the Clock app (I grabbed some screenshots of this vandalism).
Then came the detective work. How could this happen? I reached out on Twitter and elsewhere, but the mystery remained. Apps in iOS are supposed to be sandboxed to prevent this from happening, a few reminded me. This kind of access could only be achieved by jailbreaking, I was sure, but my phone isn’t jailbroken. Perhaps unknowingly jailbroken? It appears that’s possible, if your phone gets into the wrong hands for even a few minutes. But my phone is always in my possession, and only charged with the stock Lightning cable via the mains or my desktop.
Could it be that my desktop was infected somehow and that infection jumped to the iPhone? According to Boing Boing, that’s a real thing that’s happening now. But reading closer, I can’t see how it applies to me, as I didn’t have any new apps, or prompts to download malicious ‘updates’, at any time prior to that morning.
So it remains a mystery. Meanwhile, I spent half a day virus-scanning my computer, not to mention restoring my iPhone to its factory settings and replacing my apps (minus a few ad-supported ones that I didn’t feel comfortable using anymore). And I’m praying I’ve done enough to ensure it doesn’t happen again, which is difficult when you don’t know how it happened in the first place.