Have I been pwned?
July 6, 2020 12:21 PM Subscribe
I just followed a scammy/potentially malicious link via SMS, on my iPhone (11 Pro, running up-to-date 13.5.1). Should I assume that my iOS was just compromised? If so, what should I do about it?
I received an SMS message that appeared to be from a shipping carrier (I researched the claimed name before clicking, and they are legit and operate in my area), so I tapped the link, and saw my Safari rapidly forward through several domains before landing on what looks like a Comcast mobile survey. I immediately closed the page, but of course if there was spooky JavaScript anywhere in there, the damage is done. I just restarted my phone so that if there's any non-persistent spookiness, it's gone (but I can't rule out some kind of web-based jailbreak+install-a-persistent-backdoor scam).
I have no reason to believe I'd be targeted for anything other than run-of-the-mill identity theft, for what it's worth, but I do have money in bank accounts that are tied to that device. I have not used the device since this happened -- I'm just staring at it trying to decide how paranoid I ought to be.
Best answer: It is unlikely that someone would use an exploit that would work on a fully patched iOS device for an unsophisticated attack on a random person (or group of them).
If you're deeply concerned and have the technical skills to do so, you can capture all the network traffic from the device and look for indications of communication with command and control infrastructure. Or reinstall the OS - it's been a while since I've done it but IIRC the Apple backup/restore from cloud is relatively painless to get back to where you were.
posted by Candleman at 1:15 PM on July 6, 2020
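Candleman's suggestion to capture the phone's traffic and look for command-and-control chatter, worked through as an added example that is not part of the thread: a Python script over a constructed connection log (log format assumed; the non-Apple host is a placeholder) that lists every host the device contacted and flags the ones contacted at suspiciously regular intervals, the timing signature of a scheduled beacon rather than a user tapping things.

```python
"""Flag regular phone-home traffic in a connection log captured from the phone."""
import statistics
from collections import defaultdict
# Constructed sample capture, format assumed: "<unix_ts> <dst_host> <dst_port> <bytes_out>".
# Apple hosts are hit at irregular, user-driven times; the placeholder host
# c2.example is hit every ~60 s, which is what a scheduled beacon looks like.
SAMPLE_LOG = """\
1594054860 gateway.icloud.com 443 1840
1594054861 c2.example 443 312
1594054875 init.itunes.apple.com 443 920
1594054921 c2.example 443 305
1594054930 gateway.icloud.com 443 2210
1594054980 c2.example 443 318
1594055041 c2.example 443 309
1594055099 gateway.icloud.com 443 1790
1594055110 gateway.icloud.com 443 1500
"""

def parse_log(text):
    """Return (ts, host, port, bytes_out) tuples, skipping blank or malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            ts, host, port, nbytes = parts
            records.append((int(ts), host, int(port), int(nbytes)))
    return records

def contacted_hosts(records):
    """Every destination host with its connection count: review this list first."""
    counts = defaultdict(int)
    for _, host, _, _ in records:
        counts[host] += 1
    return dict(counts)

def find_beacons(records, min_hits=4, max_cv=0.1):
    """Hosts whose gaps between connections are suspiciously regular: a coefficient of
    variation (stdev / mean) of the gaps at or below max_cv looks scheduled, not human."""
    times = defaultdict(list)
    for ts, host, _, _ in records:
        times[host].append(ts)
    beacons = {}
    for host, stamps in times.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean and statistics.pstdev(gaps) / mean <= max_cv:
            beacons[host] = round(mean, 1)  # host -> mean gap in seconds
    return beacons
```

A real capture will need the thresholds tuned, and anything flagged still has to be checked against what the app or OS legitimately talks to; the point is to shrink the list of hosts you have to look at by hand.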
Best answer: Agreeing with the above. It is extraordinarily non-trivial to remotely exploit an iOS device, and _just_ clicking a weblink with resulting Safari forwards isn't it. As long as you didn't install anything like a certificate of any sort, there's very little risk here. iOS is very robust at warning you/asking you before you do anything risky.
posted by griffey at 2:35 PM on July 6, 2020
Best answer: i got a similar SMS once a few months ago, stupidly followed the link it contained, and later that day was unable to log into my Netflix account. turns out the link had captured the Netflix credentials on my phone, changed the account password, and upgraded the account to the most expensive offering. i had to call Netflix and give them new info so they could create a new account for me.
it was relatively low impact to me, but it did raise the question of what other apps have credentials that can be accessed in this way.
posted by hollisimo at 3:33 PM on July 6, 2020 [1 favorite]
Best answer: If I was gonna own your phone and you’re not a CEO or Prime Minister or something, I wouldn’t burn a 0 day exploit on you. You’re not worth it. Relax. If your phone hadn’t been updated since Obama, I’d say you might just want to reinstall. But I would just turn your phone off and on. Any weirdness will be cleared out. If you did actually get owned, congratulations you must be rich and famous, and you can probably afford the fallout tbh.
posted by Geckwoistmeinauto at 4:34 PM on July 6, 2020
Also, you probably added a few "clicks" to some click-fraud against an advertiser somewhere.
posted by aramaic at 12:50 PM on July 6, 2020