Herr der Verboten
Honorary Master
He probably installed/added backorifice to them.
-
Join the MyBroadband community
South Africa’s biggest forum. Discuss, discover, and connect with thousands of members.
-
Question of the Day: Do you think Bafana Bafana will win tonight?
iPhone hacked
- Thread starter EvoX
- Start date
Barbarian Conan
Executive Member
As you said RICA etc is service provider issues.
Jailbreaking - yeah, possible that malware was installed, but wiping, installing legit firmware and factory resetting should solve that.
Email - I am 99.9999% certain that MS SA employees don't have access to the production email databases for outlook accounts. Even if they did, the passwords would be encrypted.
If someone from MS SA hacked your email, it is most likely social engineering. In other words, you gave them your passwords.
To access whatsapp, they need to OTP that is sent via SMS to your number. It could be if they successfully cloned your sim or did a sim swap, but you would have known about it. Not a whatsapp hack.
Do they not have access to your icloud passwords? That is the most logical reason why they would still have access to call logs etc.
Change the password again.
Your browser will sync bookmarks etc to iCloud, that is why the company bookmarks are still there. Working as designed.
CranialBlaze
Expert Member
- Joined
- Jan 24, 2008
- Messages
- 4,207
- Reaction score
- 1,101
Never said hacking was impossible, I said hacking to the extent and degree that you are claiming is impossible. There is a difference, but if you were intelligent enough to comprehend said difference you’d have been intelligent enough to not be talking out of your ******* so…
itareanlnotani
Executive Member
Anything is possible, but you can rule out the unlikely unless you have very specific reasons not to.
From what you're telling us so far, it doesn't sound like the unlikely.
IT people are a suspicious bunch, as we deal with a lot of people who often don't know what they're talking about, all the time, so practice is typically verify, then trust.
Allow us to help you, and provide more information as to why you think things are fubar.
As for company stuff on the iPhone. Is it a company phone?
If its a device enrolled in MDM (Mobile Device Management), then yes, your companies IT can install and configure stuff on that phone even after a clean firmware install.
You can check if a device is enrolled in MDM by checking the following:
Instructions
- Open the Settings app on the iOS device.
- Open the General tab.
- Click on Profiles & Device Management.
- Open MDM Profile.
Last edited:
SauRoNZA
Honorary Master
I perfectly understand the situation.
I also perfectly understand that you have absolutely no idea what you are talking about or are simply batshit insane looking for hacks where there are none.
charlieharper
Expert Member
Any chance you may have been sim-swapped? Which may have allowed the “hacker” to gain access into the account via SMS-2FA?
Apple does SMS 2FA if you don’t own another Apple device, eg Mac / iPad.
Also, SMS 2FA is probably the most unsafe method of 2FA, as phone numbers, by design, was never intended to be used as a security thing. Hence, I’m super against it.
Apple does SMS 2FA if you don’t own another Apple device, eg Mac / iPad.
Also, SMS 2FA is probably the most unsafe method of 2FA, as phone numbers, by design, was never intended to be used as a security thing. Hence, I’m super against it.
Ahhh so we getting somewhere. This device was used with mobile iron, Vodacom device manager and airwatch.
So the little IT sh*t arse managing it would have full access to the device? Pictures, camera, location, messages etc!?
Fml.
Sim swap then reverse sim swap, easy to do.
You would think that MS SA won’t have access to hotmail and outlook accounts, but they did have access till about 2018. I went to their offices in Bryanston after I spoke to them and they reset my password on personal email.
It’s highly unlikely that each app was compromised individually, it’s a device hack or device access.
Barbarian Conan
Executive Member
Resetting a password is not the same as having access. Resetting a password is a standard admin function. They can't log into your account or view your email.
Yes but you are speaking from a company POV where you and the employee are in the same company.
With hotmail and gmail the user is not an employee and the email service is a free service.
So the user feels isolated as if you vs the giant MS or google and you locked out of your free email accounts for day or weeks with no one to complain to like IT or management.
The “hacker” has full access to your account for whatever the said period till you able to get back your access to your email.
Barbarian Conan
Executive Member
Any bank clerk can reset my internet banking password, yet they also can't log in to my internet banking.
MS employees can not "hack" your email or log into your email account.
The only access 99.9999999999% employees have to production data, is that which is specifically allowed through an interface designed to give them access.
Trust me on this. I work for a company that also offers a "Software as a Service" type offering, like email is. Even if a customer logs a ticket about a bug, I can not access that customer's data directly. I have to submit a request to the 0.00001% of employees who can access it, and they need the customer's explicit permission. There needs to be a record of why the supplied me with it, with the customer's permission. It needs to be done this way for compliance reasons, and it is audited.
The protection of information acts around the world is pretty serious. If MS allowed an employee to access anyone's email, they would be sued, fined, and you would have read about it all over the internet.
You need to trust that you don't know enough about how stuff works to make the claims that you are making.
itareanlnotani
Executive Member
If you are enrolled in MDM - i.e. there is an MDM profile for Mobile Iron on your phone, then that phone is a managed device.
Sounds like its not your phone, and its a work phone.
MDM enrolled devices can have software installed on them, restrictions enabled (eg not being able to use certain functionality, restricting network access, encrypting data). Phones can also be remotely wiped, and location tracked.
Passwords for other software - no.
Photos, messages not so much. Some metadata yes - mostly in the form of space used, number of photos, but not the photos. Similar for messages - metadata, but not the content of messages.
Both Airwatch and MobileIron can be used for MDM. Do you have both profiles installed in the MDM settings?
If I check Vodacom's MDM solution - looks like thats integrated with Airwatch (or more likely Airwatch).
Secure Device Management | Vodacom Business
Protect your business from mobile security threats. Vodacom Secure Device Manager lets you securely monitor, manage and support your entire fleet of smartphones and tablets without compromising your company's security.
www.vodacombusiness.co.za
It would be unusual to have both Airwatch and MobileIron, as they do similar things, but companies do migrate solutions, so that is possible.
Instead of jumping to conclusions though, can you come back with some detail on what i asked, and let us know the answers to the following:
Are MDM profiles setup on your device?
Is it your personal phone?
Is it a work phone?
Last edited:
AfricanTech
Honorary Master
If you are enrolled in MDM - i.e. there is an MDM profile for Mobile Iron on your phone, then that phone is a managed device.
Sounds like its not your phone, and its a work phone.
MDM enrolled devices can have software installed on them, restrictions enabled (eg not being able to use certain functionality, restricting network access, encrypting data). Phones can also be remotely wiped, and location tracked.
Passwords for other software - no.
Photos, messages not so much. Some metadata yes - mostly in the form of space used, number of photos, but not the photos. Similar for messages - metadata, but not the content of messages.
Both Airwatch and MobileIron can be used for MDM. Do you have both profiles installed in the MDM settings?
If I check Vodacom's MDM solution - looks like thats integrated with Airwatch (or more likely Airwatch).
Secure Device Management | Vodacom Business
Protect your business from mobile security threats. Vodacom Secure Device Manager lets you securely monitor, manage and support your entire fleet of smartphones and tablets without compromising your company's security.
It would be unusual to have both Airwatch and MobileIron, as they do similar things, but companies do migrate solutions, so that is possible.
Instead of jumping to conclusions though, can you come back with some detail on what i asked, and let us know the answers to the following:
Are MDM profiles setup on your device?
Is it your personal phone?
Is it a work phone?
On an iPhone 5?
Count me impressed that such an old phone can run all this stuff and still be usable
itareanlnotani
Executive Member
MDM at the phone side is mostly just a profile - restrict this, allow that, check server to see if need to install software etc - that sort of thing.
Different iOS (and Android) versions will have differing capabilities, but should be similar - I haven't really delved into it too deeply.
I'm probably feeding paranoia at this point though, I agree completely with what @SauRoNZA wrote above ( #65 )
Yes but there’s motive. Even if logins were passed on to another party.
Herr der Verboten
Honorary Master
Aliens?
Mobile iron was first, proof of concept then airwatch and then Vodacom device manager.If you are enrolled in MDM - i.e. there is an MDM profile for Mobile Iron on your phone, then that phone is a managed device.
Sounds like its not your phone, and its a work phone.
MDM enrolled devices can have software installed on them, restrictions enabled (eg not being able to use certain functionality, restricting network access, encrypting data). Phones can also be remotely wiped, and location tracked.
Passwords for other software - no.
Photos, messages not so much. Some metadata yes - mostly in the form of space used, number of photos, but not the photos. Similar for messages - metadata, but not the content of messages.
Both Airwatch and MobileIron can be used for MDM. Do you have both profiles installed in the MDM settings?
If I check Vodacom's MDM solution - looks like thats integrated with Airwatch (or more likely Airwatch).
Secure Device Management | Vodacom Business
Protect your business from mobile security threats. Vodacom Secure Device Manager lets you securely monitor, manage and support your entire fleet of smartphones and tablets without compromising your company's security.
It would be unusual to have both Airwatch and MobileIron, as they do similar things, but companies do migrate solutions, so that is possible.
Instead of jumping to conclusions though, can you come back with some detail on what i asked, and let us know the answers to the following:
Are MDM profiles setup on your device?
Is it your personal phone?
Is it a work phone?
MDM was removed but that lead to other types of hacking. MDM was definitely used initially. Although the JB was done after MDM installed and I now remember I spoofed the location and fixed it to one location. That was with the JB.
Phones are personal but I remember with access to enterprise portals the device could be monitored. So the device would be company property and usage would fall under company policy but only when the MDM was setup. I wasn’t aware of motive back then.
Still works flawlessly, even battery when not “hacked”. Never used a cover but apart from a few scratches still fine.
Just Apple stopped sw at iOS 12.
SauRoNZA
Honorary Master
You can do quite a bit with MDM profiles yes.
If the device was originally provided via Apple DEP program and not removed then you also can’t remove it and it would pull the configuration back down the moment it touches the internet.
HOWEVER.
Apple being privacy first none of the things OP is claiming is possible through MDM.
You can’t actually access any data. You can in some cases see the volume of data through stats like how many messages there are or how much space they consume but you cannot access messages or contacts or the phone book history like OP claims.
As was already advised it’s easy to see if there is an MDM profile but OP isn’t actually open to action anything and rather wants to troll the whole place it seems.
Or is simply crazy.