
My phone is hacked



If I do a factory reset, will I lose all my authentication app logins? I don’t want to be locked out. I switched everything from SMS because they were intercepting those.
 

They spammed me with SMS on Saturday and locked me out of my phone. They turned on digits sms forwarding and received reset codes while I saw spam messages. I’ve lost so many accounts that I can’t get back now and years of files both business and personal. Sometimes when I hit incognito in my phone I see spam.
 


  • Staff

You'd need to check whatever app you're using to generate those 2FA codes. Different apps handle it differently, but if the app you're using doesn't have any kind of backup, you'd lose the ability to generate those codes on factory reset... or losing the phone, getting a new phone, deleting the app, etc.

As for your description of the symptoms, I simply don't understand at all. How did receiving spam SMS messages lock you out of your phone? What makes you say that someone turned on SMS forwarding for your phone number? I don't believe this could be used to make you see different SMS messages. What do you mean when you say "when I hit incognito in my phone I see spam?"


I received 300 sms within 15 mins. It put my phone into SOS. I was at T-Mobile almost all day trying to get it out of SOS. They said digits sms forward was enabled. I never turned this on. This was on Saturday. Yesterday, once again sms forwarding was enabled. They were trying to get into my new email account which also locked me out due to unusual activity. The people have been taunting online through my own accounts. 


  • Staff

I don't know what "digits line" refers to. If this is some third party app that is doing SMS forwarding, you should uninstall it and contact the developer of that app to see if your account with them has been compromised.

If this is some app offered by T-Mobile, I'd expect them to offer some suggestions.

Bottom line, it's almost certain your phone itself hasn't been hacked. That's very difficult to do with iOS, and is generally out of reach to folks who would be using that access for such an amateurish attack. (It may be disruptive to you, but it sounds noisy, and that is absolutely not the kind of thing true sophisticated attackers engage in.)

Thus the questions... somehow, they've compromised some online account or something similar that is helping them perpetrate this attack.


I’ve included a screenshot of the app setting they kept turning on. Right now my account is completely deleted with T-Mobile. As you can see they were able to turn this setting on twice and intercept my reset codes. I’m sure it was amateurish but it was enough to destroy my life by taking over reset codes and login codes from accounts. I have since tried switching everything to apps for authentication.

They took over my email which was the main thing, reset codes to numerous other sites then deleted my email account along with all my files. They have tried taking over a completely new email. I have transferred all my authorization apps to my old phone. Do you think I should try a factory reset?


  • Staff

Okay, as I suspected, this isn't an iPhone hack, it's an online account hack. If an attacker was able to gain access to your e-mail address, they could use that access to take over other accounts, doing things like intercepting e-mailed password reset links or codes and whatnot. Once they were able to take over your T-Mobile account, they could set up SMS forwarding and gain access to 2FA codes.

For a detailed description of how this happened to a journalist named Mat Honan, see:

https://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/

Unfortunately, recovery from something like this is not easy or pleasant. First, you need to regain access to your e-mail address. You may need to talk to your e-mail provider about that, and you'll definitely want to set up 2FA on your e-mail if you didn't already have it. Since the attackers have access to your SMS, you'll need to choose to use an authenticator app instead, if that is an option.

Also, if your e-mail system has "security questions" for account recovery, with questions like "what's your mother's maiden name" or "what street did you grow up on," be aware that providing truthful answers to these is a bad idea. Much of this information is in the public domain, for someone determined enough to seek it out. Use fake answers, and store them in a password manager. For example, you may choose for your mother's maiden name to be "dfkensoaienfioseisni." Just don't reuse that "name" on another site! (And don't use that particular name regardless, since it's on a public forum.)

Be sure to change your e-mail account password to something long and strong. A lengthy randomly-generated password stored in a password manager is perfect. Make sure not to use the same password anywhere else!

Last but not least, check your e-mail account for any e-mail forwarding or account delegation that may have been set up. Different e-mail systems will have this in different places, but it's an easy way for an attacker to continue intercepting your e-mail, even after a password reset. If you're not sure whether this exists or how to find it, talk to your e-mail provider.

Once you've regained control of your e-mail, you'll need to go through all your other accounts - probably starting with your T-Mobile account - and go through the same steps: reset the password to something long and strong (and not used anywhere else), set up 2FA via an authenticator app, remove any SMS-based 2FA, and change or remove (if possible) the answers to any security questions.

You'll also need to have a discussion with T-Mobile about removing the SMS forwarding from your account, and making sure it doesn't get set again. Ask them about using a PIN code or passphrase to protect access to your account over the phone. If I call my cell phone provider, that's the first thing they want to know before they'll talk to me. This helps to prevent someone from calling in and pretending to be you to start an account recovery process (most of the time, at least... assuming the support agent is doing their job.)


How Apple and Amazon Security Flaws Led to My Epic Hacking

Quote

In many ways, this was all my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter.

 

The fallacy of the use of Single Sign-On between different companies.  Don't do it - Resist.  Keep your accounts compartmentalized and not "linked".
