Jump to content
stevenjames

iPhone Compromised - is it possible?

Recommended Posts

So, I have just found out my iphone was used at 7pm last night to make a purchase from the online Adidas store here in the UK.

Now this could not be as it was sitting next to me on my desk as i used my macbook to make music at that time. 
How do i know it was the iphone that made the purchase?
After I noticed a £53 transaction on my bank account today from yesterday which i never placed, I called my banks fraud team who proceeded to tell me my iphone device was used to make the order online, using my debit card *(which was not attached to apple pay on my iphone, it is not stored anywhere as it has been a new card i got at the beginning of the month)

The only thing that links or relates to this transaction last night is two prior online payment confirmations from two seperate credit card apps.

eg. Log into App, click make payment, select amount then the app sends me to Safari browser on iphone to enter my 3 digit CVV code to make the payment outside of the app.

I did this twice (two seperate credit card apps) and the fraud team confirmed these two transactions were the ones that show it was my iphone which made this fraudulent transaction last night as the same device ID was used.... impossible!!!!   

How can this be when it was sitting next to me? 
is my iphone compromised?
Has it been cloned?
How did they get both my new card details AND my iphone device id?

Share this post


Link to post
Share on other sites

It is possible for iPhones to be compromised, but it is not easy to do, and is generally only the work of either a nation-state adversary (who would be interested in spying, not stealing from your bank account) or someone with physical access to the device. Remote infection is very difficult, generally requiring the use of one or more iOS vulnerabilities, each of which can cost in excess of $1 million. Someone with access to such a vulnerability would be more likely to sell it than use it for a small purchase.

In other words, it's exceedingly unlikely that what happened was caused by your phone itself being hacked or infected.

What I'm guessing probably happened is that someone has gotten your debit card number, probably from a skimmer on an ATM or point-of-sale terminal, and then made a purchase using that number. It's also possible - if you regularly use your debit card to make purchases (which you should not do!) - that someone you handed the card to copied the info. (Always make purchases with a credit card, where you can engage with fraud prevention before you pay any money, rather than having to talk with your bank after the money's already gone.)

The person you spoke to in your bank's fraud prevention department is undoubtedly not technically inclined, and would likely have no way to tell whether the purchase was made from your phone, or just from a phone. (In fact, if they could tell it was made from a phone, rather than a computer, that would surprise me.) I would not be inclined to believe them if they claimed the purchase was made from your phone, unless they were able to give you specific, technical information on why they believe that to be true.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.