Tech Made Simple

Hot Topics: Holiday Gift Ideas | How to Fix Bluetooth Pairing Problems | How to Block Spam Calls | Snapchat Symbol Meaning

We may earn commissions when you buy from links on our site. Why you can trust us.

author photo

Can Your iPhone Be Hacked?

by Natasha Stokes on March 15, 2019

There are a lot of ways that iPhones are secured from hacks – by default they’re unable to download potentially malicious apps from non-App Store sources; Apple strictly polices the App Store for apps that may grab illegitimate permissions to users’ devices; and overall, because of these factors, less malware is created targeting iOS than Android devices.

“Apple does a tremendous work preventing the devices from being hacked, and except for the rare and short-lived cases of bugs or zero day issues, like the recent Facetime vulnerability, there is hardly any risk at any given time,” says Gary Davis, chief consumer security evangelist at McAfee.

However, that doesn’t mean there are no security risks for iPhones floating around online. 

The 4 Ways Your iPhone Can Be Hacked

1. Downloading malware-ridden apps

Apple has a reputation for policing its App Store more stringently than Google does its Play Store for Android devices, which in general has meant iPhones are less prone to risky or malware-ridden apps.

While still true, there are now more of those risky apps on iOS. One study back in 2017 found that as iOS became more popular with corporate and government users, the percentage of these enterprise devices with malicious apps tripled within a quarter. Hackers were exploiting the side-loading method used by enterprise IT teams to install company apps via a non-App Store service. 

And earlier this year, fourteen iOS games were found to be sending user data back to a server associated with an Android malware known as Goldluck. The data included IP addresses and sometimes location data and though the apps didn’t contain any malicious code, the security firm that found the issue said the apps presented a backdoor that hackers could potentially exploit to access app users’ iPhones.

Several iOS apps popular mainly in China, including the messenger WeChat were also infected with a virulent malware called XcodeGhost. Once an infected app was downloaded, the malware would create phishing screens to steal users’ logins and hijack the phone browser to open particular URLs that could potentially be malicious links to download more malware.

Jailbroken iPhones are at a much higher risk for being hacked since users are able to download apps from sources other than the App Store, where malicious programs are less likely to be blocked.

What you can do: Only download apps from the App Store, and always read the permissions an app requests when you first run it.

“Apple makes sure the user is always informed of all permissions requested by the App, but if you approve blindly for an App to manage and fully control your device, you cannot really complain,” says Davis. “You wouldn’t give your house keys to anyone who asks for them, right?”

However, researchers have demonstrated it’s possible to sneak a malicious iOS app into Apple’s official store. The app would appear innocuous on initial review, but after download, its permissions could be updated to carry out harmful actions that weren’t initially detectable. In this case, the onus would be on Apple to fix the vulnerability that allows such an app to obtain more access after installation.

2. Using public Wi-Fi

As meticulous as you may be about downloading legitimate apps from official sources, the greatest security risk comes when your iPhone is on a public Wi-Fi network.

“As long as users only install apps from the App Store the biggest risk factor is really from the network side,” says Davis. “Wi-Fi hotspots are being hacked and hackers can introduce man-in-the-middle attacks that can steal passwords or gain access to phones.”

Man-in-the-middle attacks mean that hackers intercept the data being transmitted between your iPhone and the Wi-Fi server, an especially easy task if you’re using an unencrypted hotspot - and according to Kaspersky Lab, over one in four hotspots are unencrypted. Public Wi-Fi hotspots are also at risk for session hijacking, where thieves may attempt to steal browser cookies associated with an online session with a service – for example, Facebook or Skype – and use those to login as the real owner and take over the account. 

What you can do: Use a VPN app to protect your privacy on public Wi-Fi. This encrypts all traffic between your iPhone and any server it communicates with, making it much harder for hackers to spy on your data. It’s a good idea to choose a paid-for VPN – free apps base their business model on monetizing user data, and with VPNs, the user data they have access to is someone’s entire browsing history. We like NordVPN (Disclosure: we have an affiliate relationship with NordVPN) and ExpressVPN.

3. Using a weak Apple password 

If you have a weak Apple password, it’s conceivable that your iPhone could be hacked via iCloud – especially if your email address is already floating around on the dark web and hacker forums from past breaches of various platforms.

Much hacking involves automated password cracking using botnets (networks of people’s computers that have been compromised by malware), which constantly try logging in to online accounts using lists of known email addresses and password cracking tools based on common passwords and dictionary words.

If your iCloud account is breached, that means a hacker can access the photos in your Photo Stream, the files in your iCloud Drive, your email, browsing history, calendar and messages – and what’s more, potentially use this information to hack your other accounts.

What you can do: Create a strong password and turn on two-factor authentication (2FA) for iCloud. A strong password vastly increases the time needed for a brute-force attack to crack your Apple account (think hundreds of years), while 2FA means that even if the password is guessed (say through a phishing screen, where the user is tricked into entering their login), iCloud will request a 2FA code – sent by SMS or email - before granting access. And for help automatically creating and managing your strong passwords, it's a good idea to use one of our picks for the best password managers

4. Taking advantage of bugs in iOS

Last year, a huge vulnerability was discovered in the Intel chips that power iPhones, iPads, Macs and Apple TVs, affording access to users’ most sensitive information. This vulnerability would need to be exploited by a malicious program, which could be a downloaded app or Mac program – but could also come from a malicious website. Luckily, no known devices have been affected, and updates to the MacOS and iOS were said to have patched some of the issues.

Another significant bug was discovered in FaceTime that allowed callers to hear the audio of the person they were calling, before they had picked up. If the receiver pressed the power button from the lock screen, their video would also be sent to the caller, unbeknownst to them.

The bug affected devices on iOS 12.1 and later, and Apple subsequently released an update to patch the issue.

What to do: Always download updates as soon as they’re available. In these particular cases, the presence of the vulnerabilities didn’t immediately correlate to security breaches – but it could have if these vulnerabilities had been found by criminal hackers rather than ‘white hat hackers’, such as security researchers.

5 ways to protect your iPhone from being hacked

Securing an iPhone from hacks comes down to general security hygiene. Follow these five steps to ensure you stay safe.

1. Make sure your iOS is up to date

The easiest way to ensure your iOS is up to date is to turn on automatic updates. You can find the option by going to Settings > General > Software Update

2. Only install apps from the App Store

When you jailbreak an iPhone, you install an unauthorized version of iOS. People do this to gain more access to the functionality of the hardware, but they also bypass some of the security features Apple has put in place to keep hackers out. If you haven't jailbroken your iPhone, you won't be able to install apps from other sites. Staying with the official version of iOS and using the App Store will provide the most protection.

3. Always read the authorization dialogs an app presents when you first run it

Most apps don't need full access to your phone. So when you install an app, make sure that the access the app requests is in line with the functionality it delivers. If an app requires too much access, you should consider an alternative.

4. Use a VPN on public Wi-Fi

VPNs provide end to end encryption from your computer to whatever website or service you're using. If you're using a public Wi-Fi network, it makes sense to keep all of your data encrypted so you're not vulnerable to hackers hijacking your session and stealing your data. We like NordVPN (Disclosure: we have an affiliate relationship with NordVPN) and ExpressVPN.

5. Install an iOS security app

The McAfee mobile security app prevents you from opening malicious web sites, detects if a Wi-Fi hotspot is compromised and comes with a VPN feature, while Avira similarly protects from phishing links and can check if your email has been hacked. Sophos checks Wi-Fi hotspots for cyberattacks, along with offering a 2FA code and password generator.


Topics

Privacy, Phones and Mobile, Mobile Apps, iPhone/iPad Apps, Tips & How-Tos


Discussion loading

gravatar

From Wolf Peiser on March 21, 2019 :: 6:13 pm


When I read articles about security, hacking and WiFi usage, there is never mention about the facial recognition feature and if that provides an extra level of security when in risky environments such as public WiFi or guest WiFi sites.

If I log into my bank account via my iPhone while at the library or in a coffee shop, and both phone and the bank permit entry or usage via facial recognition, what risks am I exposed to?

Reply

gravatar

From JimG on August 13, 2019 :: 1:18 pm


Internet articles describe how phone calls are intercepted by don’t go very far with recommendations.  My neighbor is listening into my cordless phone calls (2.4 Hz) and I wanted to know if there is a way to block this.  I was hoping that you could provide some insight. Thanks

Reply

gravatar

From Josh Kirschner on August 13, 2019 :: 4:41 pm


Old cordless phones transmitted non-encrypted to their bases, so they were very easy to intercept. Pretty much every current cordless phone on the market uses encrypted communications and will keep your conversations private. Look for ones that say “DECT 6.0” for the best quality. You can find them for as little as $20 (for example: https://amzn.to/2YQNOsU), so it’s really a no-brainer to get a new one.

Reply

gravatar

From Steve Welgan on December 02, 2020 :: 4:19 pm


How many hack my phone get off of it

Reply

gravatar

From Carlos C. on October 02, 2019 :: 2:54 pm


Hello,

I purchase a new iPhone 11pro and I did the face id log in setup. I completed the setup and and the phone worked really nice for security reasons.

Procedure for Face ID: Completed.

Issue:

My younger son was able to open my phone with his face without any issues. I know we look alike but this was very strange so I redid my Face ID and it happen again.


Solutions:

I found a solution that might help all users if they have this problem. Its just not right for Apple to state that it 99% harder for another face to open the new iPhone 11 pro.

Comments:

I have 3 boys and only one was able to open my phone with his face.

Thank you for your time.

Reply

gravatar

From Josh Kirschner on October 02, 2019 :: 3:17 pm


Kids are pretty clever. Are you sure he didn’t add his face to the phone when it was unlocked and you weren’t paying attention?

Reply

gravatar

From Ruth castillo on July 05, 2020 :: 6:12 pm


I need help in finding my hackers and please remove them permently

Reply

gravatar

From PUJA love sanjay on July 23, 2020 :: 10:06 pm


Puja

Reply

gravatar

From PUJA love sanjay on July 23, 2020 :: 10:07 pm


Phon contrack

Reply

gravatar

From Scott Eustice on July 30, 2020 :: 10:53 am


Yes I would like to know the process and step to take to reboot my account so that my friends can receive my posts and that I can see theirs? Also I think a girl that contacted me decided to mess with me and my account/profile. What I first noticed she was posting my own pictures of my profile. The next thing I know there is a second profile in my name. There is no cover picture of me on it. I opened the second profile that I did not set up. There are pictures of people that I have never seen before. Can you help me and look into this second profile and getting rid of it?
Thank you!
Scott Eustice

Reply

gravatar

From Desiree mom on May 21, 2021 :: 12:00 am


FB issues…yes same here. Stàrted with just my ex ..
Now his crazy date met via Facebook is also doing this?? To post explicit pics…it could possibly be another stalker. They do it to every phone. Every email and obviously someone who knows enough about me to understand I’m too busy with special needs (youngest of 3) child- to have time to keep making new emàils. They fear I may get a life àway from them?? Or just sick in the head ?? Ughhhh…wish they would find something better to do…it’s affected my 3 kids& makes me very upset…they have even stolen my phone number I cancelled. Now I am thinking the person who told me to get rid of my phone # is possibly a random part of this hacking mess..what is truly wrong with this type of person/ people.i am a single mom far under poverty level..not $ to be had. Guess it’s their distorted ego and longing for control. Any helpful advice appreciated. Sorry to hear others going through this.

Reply

gravatar

From Mary Sosson on December 20, 2020 :: 6:51 pm


I have been hacked a dozen times lately, a lady was almost scammed for a lot of money by someone using an old account of mine.I finally found it and it had an old phone number that I had set up an account on. I dialed the number and some one was using it. But I couldn’t retrieve the password or change it dose anyone know how to get it deleted??

Reply

gravatar

From david dj Mendelsohn on January 18, 2021 :: 4:25 am


The things they are doing. I have android system apps showing 5 different instances with no data. Left over folders, very messy. My isp is working with them believe I know since 12/20.and because I keep trying to figure out how to avoid them. I have changed my ssid names, new computer name, MS accounts, and the list goes on. I know of 3 possible sources but cannot prove it. But 1 stands out because they left clues on my primary phone that was factory hard reset by samsung, needed to repair. Either way it is illegal, causing me anxiety, distress,depression and a state of compete mistrust. To the point my new desktop tower by HP already has 65gb of storage used? How is that possible. I bought it 12/23/20 and frankly afraid to use it because they are on my isp line. Confirmed Mac ids and modems objected before mine while I was in my isp account. Help. DJ Mendelsohn

Reply

gravatar

From Indra on March 14, 2021 :: 4:08 am


My Facebook huck please help unblock

Reply

gravatar

From EDWARD ANTHONY GYE on May 06, 2021 :: 9:01 pm


Yeah hello everyone I got the bed virus of the Facebook page with my oppo phone if anyone can send me a link for my oppo phone for the anti-virus please thank you

Reply

gravatar

From jeanette gauckler on May 22, 2021 :: 4:50 am


I have bought a new i phone, the problem remaind.
I still have a garantie on my device but the store refuses to exchange my phone.
now all my devices are affected, that, websites i can not open, that phonecalls have been made over my phone which I do not know. That friends can not reach me and someone else is posting or answering as my persona.
i have tried many times to contact Goverment Cybercrime, or On FB but my e-mails are not being received.
i cant even make my on line school because someone has blocked that site!
Please I do not know anymore what to do!!!!

Reply

gravatar

From lina on December 12, 2021 :: 2:32 pm


I think that my phone may be hacked because number 1 my phone screen keeps moving by itself and that my iphone passcode is no longer working it worked in the morning but now its not i have tried 20 to fix it but it doesnt work at all

Reply

gravatar

From Mine on April 20, 2022 :: 10:22 am


Been telling phone carrier for years that I have been hacked and nothing ever done and always the same excuses. Why is it there’s an article now, when it’s been mentioned and told about for years. Why isn’t the phone companies doing anything especially when paying such a high price for service and the plan you need to access your services?

Reply

gravatar

From Robert oneill on May 07, 2022 :: 2:55 am


Can someone please help me with the situation

Reply

gravatar

From Robert oneill on May 07, 2022 :: 2:57 am


Why do you use my phone for the last 3 and a 1/2 years They took it over my holiday in the area app on my phone all my money they break everything I have I have I know what it seems but it’s all catching up too

Reply

gravatar

From Robert oneill on May 07, 2022 :: 2:59 am


, , ,  If someone help me with this situation why do you need to be so philosoph I’ve used everything’s I’m crazy there’s not a joke there’s not funny anymore I’ve been in jail I’ve lost people close to me and I’ve lost you and I’ve lost you and I’ve lost you and I’ve lost you and I’ve lost you and I’ve lost you and I’ve lost you and I’ve lost you and I’ve lost you and I’ve lost you and I’ve lost you I’ve lost you Someone please help me

Reply

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships | Licensing & Permissions
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.